EBF: A Hybrid Verification Tool for Finding Software Vulnerabilities in IoT Cryptographic Protocols

Internet of Things (IoT) consists of a large number of smart devices connected through a network, which creates a vast amount of data communication, thereby posing new security, privacy, and trust issues. One way to address these issues is ensuring data confidentiality using lightweight encryption algorithms for IoT protocols. However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities. Here we propose a new verification approach named Encryption-BMC and Fuzzing (EBF), which combines Bounded Model Checking (BMC) and Fuzzing techniques to verify software and detect security vulnerabilities exploited by an attacker concerning users' privacy and integrity. EBF models IoT protocols as a client and server using POSIX threads, thereby simulating both entities' communication. It also employs static and dynamic verification to cover the system's state-space exhaustively. We evaluate EBF using the concurrency benchmarks from SV-COMP and show that it outperforms other state-of-the-art tools such as ESBMC, AFL, Lazy-CSeq, and TSAN w.r.t. bug finding. We also evaluate an open-source implementation called WolfMQTT. It is an MQTT client implementation that uses the WolfSSL library. We show that EBF detects a data race, which other approaches are unable to identify.