A Comprehensive Detection Algorithm for ZigBee Protocol MAC-Layer Security
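Abstract
With the development of information technology, especially computers and the Internet, the sensor-based Internet of Things has emerged. Owing to its low power consumption, low cost, and high security, the ZigBee protocol has become the most widely used Internet of Things protocol in production and daily life. Whether the protocol is in fact highly secure and can withstand malicious attacks therefore merits in-depth study. At present, however, security research on the protocol remains relatively scarce both in China and abroad.
     Building on an in-depth study of the ZigBee MAC-layer security mechanisms and data frame structure, this thesis improves the random fuzzing algorithm by integrating the testing ideas and attack methods of boundary testing, structure fuzzing, and node cloning, and proposes an effective comprehensive detection algorithm for ZigBee MAC-layer security. Theoretical derivation and analysis show that the detection algorithm not only effectively reduces the number of test cases generated in randomized testing but also raises the proportion of usable test cases. Using equivalence partitioning, this thesis evaluates the path coverage of the test cases produced by the comprehensive detection algorithm and finds that, compared with fuzzing based on a single testing idea, the algorithm not only greatly improves fuzzing efficiency but also achieves path coverage 50% higher than structure fuzzing.
     Based on this algorithm, this thesis designs and develops a fuzzing tool for the ZigBee MAC layer and performs dynamic security testing on a ZigBee network built from CC2430 devices. During testing, a new security vulnerability in the ZigBee MAC layer was triggered. Exploiting the vulnerability can cause the PAN coordinator to stop working and end devices to disconnect from it, leading to the collapse of the wireless network; this result also indirectly demonstrates the effectiveness of the comprehensive detection algorithm.
     Finally, this thesis summarizes the results achieved in the current stage of work, analyzes the shortcomings of the current work, and lays out a fairly detailed plan for subsequent work.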
With the development of information technology, especially computer and Internet technology, the Internet of Things, based on sensing technology, came into being. Owing to its low power consumption, low cost, and high level of security, the ZigBee protocol is widely adopted in production and living environments. Therefore, it is worthwhile to conduct deeper research into whether the protocol is highly secure and able to resist malicious attacks. However, research on the security of the ZigBee protocol is still a blank in both domestic and foreign institutions.
     In this thesis, the security mechanism and data frame structure of the MAC layer are investigated in depth. Based on random fuzzing, a comprehensive detection algorithm is put forward. This improved detection algorithm integrates the core ideas of boundary value analysis (BVA), node replication testing, and structure fuzzing. Theoretical analysis shows that the improved detection algorithm not only effectively reduces the number of test cases generated in randomized testing but also improves the proportion of usable test cases. To estimate the test path coverage of the detection algorithm, equivalence partitioning is used. From the analysis of the results, we conclude that this comprehensive detection algorithm greatly enhances the efficiency of fuzzing by using fewer but reliable test cases, and makes fuzzing detection more comprehensive.
     Based on the comprehensive detection algorithm, a fuzzing tool targeting the MAC layer of the ZigBee protocol was designed and developed. We then performed a dynamic security test on ZigBee networks based on CC2430 devices. During testing, a new MAC-layer vulnerability was triggered. By exploiting this vulnerability, the PAN coordinator would stop working, lose its connection with terminal devices, and ultimately cause the collapse of the wireless network. This result indirectly proves the validity of our comprehensive detection algorithm in exploiting vulnerabilities of the ZigBee protocol.
     In the end, we summarize the achievements made in the current stage of research and analyze its inadequacies. A detailed plan for the later part of the research is then laid out.
