Qiang Zeng, Associate Professor, Computer Science, received funding for the project: "Towards Lifetime Supply Chain Security for Internet of Things: Testing an Update Before Trusting It."
The global Internet of Things (IoT) market size is expected to rise substantially by 2029. IoT devices are manufactured by various companies around the world, and thus, should not be trusted by default. Zeng aims to ensure lifetime supply chain security of IoT devices. To attain this objective, he is proposing to test an IoT device and every firmware update through on-device fuzzing.
Fuzzing is an automated method of testing software that injects invalid inputs into a system to reveal defects and vulnerabilities.
Zeng is inventing a new approach to on-device IoT fuzzing that takes advantage of the hub-to-device local control channel.
The local control channel allows a fuzzer built in a hub to directly command IoT devices, without hacking any companion apps. Thus, this approach is scalable.
When an IoT device joins a hub, it generates a sequence of setting-up messages. In this project, Zeng is proposing to make use of the setting-up messages to discover the functionalities of a device and perform systematic functionality oriented fuzzing.
If successful, Zeng will make breakthroughs in IoT lifetime supply chain security. He expects to have broader impacts on societies, research, education, and industry.
Zeng received $50,000 from the Virginia Innovation Partnership Authority for this research. Funding began in Jan. 2024 and will end in Jan. 2025.
###
About George Mason University
George Mason University is Virginia's largest public research university. Located near Washington, D.C., Mason enrolls 38,000 students from 130 countries and all 50 states. Mason has grown rapidly over the last half-century and is recognized for its innovation and entrepreneurship, remarkable diversity and commitment to accessibility. Learn more at http://www.gmu.edu.