CovFUZZ: Coverage-based fuzzer for 4G&5G protocols
Ilja Siroš, Dave Singelée, Bart Preneel

TL;DR
This paper presents CovFUZZ, an automated coverage-guided fuzzing framework for testing 4G and 5G protocol implementations, demonstrating its effectiveness in discovering vulnerabilities across various devices and open-source stacks.
Contribution
The paper introduces a novel coverage-based fuzzing algorithm with a new probability adjustment method and coverage estimation technique for 4G/5G protocols.
Findings
Outperforms random fuzzing in code coverage
Discovered vulnerabilities in 10 COTS devices and all srsRAN instances
Effective in testing 4G/5G protocol implementations
Abstract
4G and 5G represent the current cellular communication standards utilized daily by billions of users for various applications. Consequently, ensuring the security of 4G and 5G network implementations is critically important. This paper introduces an automated fuzzing framework designed to test the security of 4G and 5G attach procedure implementations. Our framework provides a comprehensive solution for uplink and downlink fuzzing in 4G, as well as downlink fuzzing in 5G, while supporting fuzzing on all layers except the physical layer. To guide the fuzzing process, we introduce a novel algorithm that assigns probabilities to packet fields and adjusts these probabilities based on coverage information from the device-under-test (DUT). For cases where coverage information from the DUT is unavailable, we propose a novel methodology to estimate it. When evaluating our framework, we first…
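As an added illustration of the scheduling idea sketched in the abstract (this is not the paper's code, and the update rule is an assumption, not CovFUZZ's actual probability adjustment method), the simulation below gives each packet field a mutation probability, mutates fields at random according to it, and boosts the fields that took part in a message reaching new branches while decaying the others. The message fields and the toy DUT that stands in for real coverage feedback are constructed for the example.

```python
import random

# Constructed toy attach-style message: field name -> default value.
# Field names are illustrative only, not taken from the paper or from 3GPP.
FIELDS = {"msg_type": 0x41, "eps_attach_type": 1, "nas_key_set_id": 7,
          "ue_net_cap_len": 2, "tai_list_len": 6}

def toy_dut_coverage(msg):
    """Stand-in for coverage feedback from the DUT: returns the set of parser
    branches a constructed toy implementation executes for `msg`."""
    hit = {"entry"}
    if msg["msg_type"] != 0x41:
        hit.add("unknown_type")          # rejected before field parsing
        return hit
    hit.add("attach")
    if msg["eps_attach_type"] > 7:
        hit.add("bad_attach_type")
    if msg["ue_net_cap_len"] > 13:
        hit.add("cap_len_bounds_check")
    if msg["tai_list_len"] == 0:
        hit.add("empty_tai_list")        # rare branch: needs one exact value
    return hit

def fuzz(rounds, seed=0, boost=1.5, decay=0.9, floor=0.05, cap=0.95):
    """Coverage-guided field scheduler (assumed update rule, not the paper's):
    every field carries a mutation probability; fields mutated in a message
    that reached new branches are boosted, all other mutated fields decay."""
    rng = random.Random(seed)
    prob = {f: 0.3 for f in FIELDS}
    credit = {f: 0 for f in FIELDS}        # times a field helped reach new code
    seen = toy_dut_coverage(dict(FIELDS))  # baseline coverage of the unmodified message
    for _ in range(rounds):
        msg = dict(FIELDS)
        mutated = [f for f in FIELDS if rng.random() < prob[f]]
        for f in mutated:
            msg[f] = rng.randrange(256)    # byte-valued mutation of the field
        new = toy_dut_coverage(msg) - seen
        for f in mutated:
            if new:
                prob[f] = min(cap, prob[f] * boost)
                credit[f] += 1
            else:
                prob[f] = max(floor, prob[f] * decay)
        seen |= new
    return prob, credit, seen
```

Swapping `toy_dut_coverage` for real instrumentation output is the point where the abstract's coverage estimation for DUTs without instrumentation would come in.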
Taxonomy
Topics: Telecommunications and Broadcasting Technologies
