State Machine Mutation-based Testing Framework for Wireless Communication Protocols

Syed Md Mukit Rashid; Tianwei Wu; Kai Tu; Abdullah Al Ishtiaq; Ridwanul Hasan Tanvir; Yilu Dong; Omar Chowdhury; Syed Rafiul Hussain

doi:10.1145/3658644.3690312

State Machine Mutation-based Testing Framework for Wireless Communication Protocols

Syed Md Mukit Rashid, Tianwei Wu, Kai Tu, Abdullah Al Ishtiaq, Ridwanul Hasan Tanvir, Yilu Dong, Omar Chowdhury, Syed Rafiul Hussain

School of Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.

Original language	English (US)
Title of host publication	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	2102-2116
Number of pages	15
ISBN (Electronic)	9798400706363
DOIs	https://doi.org/10.1145/3658644.3690312
State	Published - Dec 9 2024
Event	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, United States Duration: Oct 14 2024 → Oct 18 2024

Publication series

Name	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	10/14/24 → 10/18/24

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Software

Access to Document

10.1145/3658644.3690312

Cite this

Mukit Rashid, S. M., Wu, T., Tu, K., Al Ishtiaq, A., Tanvir, R. H., Dong, Y., Chowdhury, O., & Hussain, S. R. (2024). State Machine Mutation-based Testing Framework for Wireless Communication Protocols. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (pp. 2102-2116). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3658644.3690312

Mukit Rashid, Syed Md ; Wu, Tianwei ; Tu, Kai et al. / State Machine Mutation-based Testing Framework for Wireless Communication Protocols. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. pp. 2102-2116 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{84dcd7b67ffe40018d3daf7aa09d8e2f,

title = "State Machine Mutation-based Testing Framework for Wireless Communication Protocols",

abstract = "This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.",

author = "{Mukit Rashid}, {Syed Md} and Tianwei Wu and Kai Tu and {Al Ishtiaq}, Abdullah and Tanvir, {Ridwanul Hasan} and Yilu Dong and Omar Chowdhury and Hussain, {Syed Rafiul}",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3690312",

language = "English (US)",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "2102--2116",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

}

Mukit Rashid, SM, Wu, T, Tu, K, Al Ishtiaq, A, Tanvir, RH, Dong, Y, Chowdhury, O & Hussain, SR 2024, State Machine Mutation-based Testing Framework for Wireless Communication Protocols. in CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 2102-2116, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, United States, 10/14/24. https://doi.org/10.1145/3658644.3690312

State Machine Mutation-based Testing Framework for Wireless Communication Protocols. / Mukit Rashid, Syed Md; Wu, Tianwei; Tu, Kai et al.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 2102-2116 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - State Machine Mutation-based Testing Framework for Wireless Communication Protocols

AU - Mukit Rashid, Syed Md

AU - Wu, Tianwei

AU - Tu, Kai

AU - Al Ishtiaq, Abdullah

AU - Tanvir, Ridwanul Hasan

AU - Dong, Yilu

AU - Chowdhury, Omar

AU - Hussain, Syed Rafiul

PY - 2024/12/9

Y1 - 2024/12/9

N2 - This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.

AB - This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 25 unique issues, including 112 instances. Affected vendors have positively acknowledged 14 vulnerabilities through 5 CVEs.

UR - http://www.scopus.com/inward/record.url?scp=85215508845&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85215508845&partnerID=8YFLogxK

U2 - 10.1145/3658644.3690312

DO - 10.1145/3658644.3690312

M3 - Conference contribution

AN - SCOPUS:85215508845

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 2102

EP - 2116

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

Y2 - 14 October 2024 through 18 October 2024

ER -

Mukit Rashid SM, Wu T, Tu K, Al Ishtiaq A, Tanvir RH, Dong Y et al. State Machine Mutation-based Testing Framework for Wireless Communication Protocols. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 2102-2116. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3658644.3690312

State Machine Mutation-based Testing Framework for Wireless Communication Protocols

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this