Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems

Iturbe, Mikel

dc.rights.license	Attribution 4.0 International	*
dc.contributor.author	Iturbe, Mikel
dc.contributor.other	Eceiza Olaizola, Maialen
dc.contributor.other	Flores Barroso, Jose Luis
dc.date.accessioned	2021-03-31T10:26:11Z
dc.date.available	2021-03-31T10:26:11Z
dc.date.issued	2021
dc.identifier.issn	2327-4662	en
dc.identifier.other	https://katalogoa.mondragon.edu/janium-bin/janium_login_opac.pl?find&ficha_no=163261	en
dc.identifier.uri	https://hdl.handle.net/20.500.11984/5266
dc.description.abstract	With a growing number of embedded devices that create, transform and send data autonomously at its core, the Internet-of-Things (IoT) is a reality in different sectors such as manufacturing, healthcare or transportation. With this expansion, the IoT is becoming more present in critical environments, where security is paramount. Infamous attacks such as Mirai have shown the insecurity of the devices that power the IoT, as well as the potential of such large-scale attacks. Therefore, it is important to secure these embedded systems that form the backbone of the IoT. However, the particular nature of these devices and their resource constraints mean that the most cost-effective manner of securing these devices is to secure them before they are deployed, by minimizing the number of vulnerabilities they ship. To this end, fuzzing has proved itself as a valuable technique for automated vulnerability finding, where specially crafted inputs are fed to programs in order to trigger vulnerabilities and crash the system. In this survey, we link the world of embedded IoT devices and fuzzing. For this end, we list the particularities of the embedded world as far as security is concerned, we perform a literature review on fuzzing techniques and proposals, studying their applicability to embedded IoT devices and, finally, we present future research directions by pointing out the gaps identified in the review.	en
dc.description.sponsorship	Gobierno Vasco	es
dc.language.iso	eng	en
dc.publisher	IEEE	en
dc.rights	© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.	en
dc.rights.uri	http://creativecommons.org/licenses/by/4.0/	*
dc.subject	Embedded Systems	en
dc.subject	fuzzing	en
dc.subject	IoT	en
dc.subject	software testing	en
dc.subject	vulnerabilities	en
dc.title	Fuzzing the Internet of Things: A Review on the Techniques and Challenges for Efficient Vulnerability Discovery in Embedded Systems	en
dcterms.accessRights	http://purl.org/coar/access_right/c_abf2	en
dcterms.source	IEEE Internet of Things Journal.	en
local.contributor.group	Análisis de datos y ciberseguridad	es
local.description.peerreviewed	true	en
local.identifier.doi	https://doi.org/10.1109/JIOT.2021.3056179	en
local.relation.projectID	GV/Elkartek 2019/KK-2019-00072/CAPV/Segurtasun Integrala Industria Adimentsurako/SENDAI	en
local.relation.projectID	GV/Ikertalde Convocatoria 2019-2021/IT1357-19/CAPV/Sistemas Inteligentes para Sistemas Industriales/	en
local.relation.projectID	GV/Programa Bikaintek 2019/20-AF-W2-2019-00006/CAPV//	en
local.rights.publicationfee	APC	en
local.contributor.otherinstitution	https://ror.org/03hp1m080	es
local.source.details	Early Access	en
oaire.format.mimetype	application/pdf
oaire.file	$DSPACE\assetstore
oaire.resourceType	http://purl.org/coar/resource_type/c_6501	en
oaire.version	http://purl.org/coar/version/c_ab4af688f83e57aa	en