
Research On Fuzzing For DLMS/COSEM Protocol

Posted on: 2024-01-12
Degree: Master
Type: Thesis
Country: China
Candidate: Q Jiang
Full Text: PDF
GTID: 2542307103473604
Subject: Network and information security

Abstract/Summary:
In recent years, with the rapid development of computer and communication technology, the traditional power grid has gradually evolved into a smart grid. The DLMS/COSEM communication protocol is an important part of the smart grid. Many researchers have strengthened the security design of the DLMS/COSEM protocol itself, but existing security research does not adequately cover the concrete code implementations of the protocol. Fuzzing is one of the most widely used vulnerability discovery techniques of recent years, and researchers in China and elsewhere have found a large number of vulnerabilities in many kinds of applications with it. The DLMS/COSEM protocol, however, has a special operating environment and its own encoding rules (BER and A-XDR), so existing fuzzing methods and tools are of limited effectiveness against it. This thesis therefore studies fuzzing of the DLMS/COSEM protocol, proposes fuzzing methods for the server (smart meter) and the client (host computer) respectively, and implements the corresponding fuzzing tools DSFUZZ and DLMSAFL.

On the server side, this thesis proposes a fuzzing method for the DLMS/COSEM server and implements it as the tool DSFUZZ. First, an APDU mutation algorithm for DLMS/COSEM is designed on the basis of a request message tree; it combines two mutation strategies to generate test cases that still conform to the BER and A-XDR encoding rules. Second, a response analyzer receives each response and refines a response state machine, feeding back whether a new state has been triggered in order to guide subsequent mutation. Third, a monitor detects whether the server crashes during fuzzing. Several sets of experiments show that DSFUZZ is effective for fuzzing DLMS/COSEM servers and achieves better results than Boofuzz, Peach and e Fuzz.

On the client side, this thesis proposes a fuzzing method for the DLMS/COSEM client and implements it as the tool DLMSAFL. An APDU mutation algorithm based on a response message tree is designed, which introduces a probability value P to increase the diversity of the test cases produced by mutation. A double-loop structure is also designed so that the mutator can obtain the genuine response of a smart meter and mutate it. Finally, DLMSAFL is used to fuzz the client, and three memory leak vulnerabilities and one heap use-after-free vulnerability are found.
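The abstract describes the server-side method only in outline: a request message tree, mutations that keep the APDU encodable under A-XDR, and a response state machine that reports whether a reply reaches a new state. The following Python is an added example written for this page to make that pipeline concrete; it is not DSFUZZ's code and does not reproduce the thesis's algorithms. The byte layout of GET-Request-Normal (tag 0xC0, choice 0x01, invoke-id-and-priority, attribute descriptor, optional access selection) and GET-Response-Normal (tag 0xC4) follows the DLMS specification; the tree representation, the two mutation strategies, the coarse state key and the sample response bytes are assumptions constructed for illustration.

```python
import random

# Message tree for one GET-Request-Normal. Field kinds are our own convention:
#   ("const", int) / ("u8", int) / ("u16", int) / ("octets", bytes)  fixed-size leaves
#   ("octet_string", bytes)  A-XDR octet-string: tag 0x09 + length + contents
#   ("optional", None|dict)  the access-selection CHOICE: 0x00 absent, 0x01 + subtree
GET_CLOCK_REQUEST = {
    "tag": ("const", 0xC0),              # GET-Request
    "choice": ("const", 0x01),           # get-request-normal
    "invoke_id": ("u8", 0xC1),           # invoke-id 1, high priority, confirmed
    "class_id": ("u16", 8),              # COSEM class 8 = Clock
    "instance_id": ("octets", bytes.fromhex("0000010000FF")),  # OBIS 0.0.1.0.0.255
    "attribute_id": ("u8", 2),           # attribute 2 = time
    "access_selection": ("optional", None),
}

def axdr_length(n):
    """A-XDR/BER length: one byte below 128, otherwise 0x81 followed by one length byte."""
    return bytes([n]) if n < 0x80 else bytes([0x81, n & 0xFF])

def encode(tree):
    """Serialise the tree; lengths are recomputed so mutated values stay well-formed."""
    out = bytearray()
    for kind, value in tree.values():
        if kind in ("const", "u8"):
            out.append(value & 0xFF)
        elif kind == "u16":
            out += (value & 0xFFFF).to_bytes(2, "big")
        elif kind == "octets":
            out += value
        elif kind == "octet_string":
            out += b"\x09" + axdr_length(len(value)) + value
        elif kind == "optional":
            out += b"\x00" if value is None else b"\x01" + encode(value)
    return bytes(out)

def mutate(tree, rng):
    """Strategy 1: perturb one leaf value (field sizes unchanged).
    Strategy 2: add, drop or descend into the optional access-selection subtree."""
    t = dict(tree)
    name = rng.choice([k for k, (kind, _) in t.items() if kind != "const"])
    kind, value = t[name]
    if kind == "u8":
        t[name] = (kind, rng.choice([0x00, 0xFF, value ^ (1 << rng.randrange(8))]))
    elif kind == "u16":
        t[name] = (kind, rng.choice([0x0000, 0xFFFF, value + 1, value ^ 0x8000]))
    elif kind == "octets":
        b = bytearray(value); b[rng.randrange(len(b))] ^= 0xFF
        t[name] = (kind, bytes(b))
    elif kind == "octet_string":  # boundary lengths around the one/two-byte length switch
        n = rng.choice([0, 1, 127, 128, 200])
        t[name] = (kind, bytes(rng.randrange(256) for _ in range(n)))
    elif kind == "optional":
        if value is None:
            t[name] = (kind, {"selector": ("u8", 1), "params": ("octet_string", b"\x00" * 4)})
        elif rng.random() < 0.5:
            t[name] = (kind, None)
        else:
            t[name] = (kind, mutate(value, rng))
    return t

def generate_corpus(seed, count):
    """Chain `count` mutations from the seed request; returns the encoded APDUs."""
    rng, tree, out = random.Random(seed), GET_CLOCK_REQUEST, []
    for _ in range(count):
        tree = mutate(tree, rng)
        out.append(encode(tree))
    return out

def well_formed_get_request(apdu):
    """Check that a GET-Request-Normal parses exactly to its end (the invariant the mutator keeps)."""
    if len(apdu) < 13 or apdu[0] != 0xC0 or apdu[1] != 0x01:
        return False
    pos = 12                      # tag, choice, invoke-id, class-id(2), OBIS(6), attribute-id
    if apdu[pos] == 0x00:
        return len(apdu) == pos + 1
    if apdu[pos] != 0x01 or len(apdu) < pos + 4 or apdu[pos + 2] != 0x09:
        return False
    pos += 3
    n = apdu[pos]; pos += 1
    if n & 0x80:
        if n != 0x81 or pos >= len(apdu):
            return False
        n = apdu[pos]; pos += 1
    return len(apdu) == pos + n

def response_state(apdu):
    """Abstract a GET-Response-Normal APDU to a coarse state label (assumed key, not the thesis's)."""
    if len(apdu) < 4:
        return ("short", len(apdu))
    tag, choice, _invoke, result = apdu[:4]
    if tag != 0xC4 or choice != 0x01:
        return ("other-tag", tag, choice)
    if result == 0x00 and len(apdu) > 4:
        return ("data", apdu[4])             # A-XDR type tag of the returned Data
    if result == 0x01 and len(apdu) > 4:
        return ("access-result", apdu[4])    # data-access-result error code
    return ("malformed", result)

class ResponseStateMachine:
    """Edges (request tag/choice -> response state); an unseen edge is new coverage."""
    def __init__(self):
        self.edges = set()
    def observe(self, request, response):
        edge = (bytes(request[:2]), response_state(response))
        is_new = edge not in self.edges
        self.edges.add(edge)
        return is_new
```

In a real harness, `encode()` output would be wrapped in the transport framing (HDLC or the wrapper PDU) and sent to the meter, and `observe()` would be called on each reply with the crash monitor running alongside; here the invariant worth keeping is that every generated APDU still passes `well_formed_get_request()`, so rejected inputs exercise the server's application logic rather than only its length check.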
Keywords/Search Tags: Fuzzing, Vulnerability discovery, DLMS/COSEM protocol, Smart grid, Information security