State Machine Mutation-based Testing Framework for Wireless Communication Protocols

Oct 14, 2024
Syed Md Mukit Rashid, Tianwei Wu, Kai Tu, Abdullah Al Ishtiaq, Ridwanul Hasan Tanvir, Yilu Dong, Omar Chowdhury, Syed Rafiul Hussain
Abstract
This paper proposes Proteus, a protocol state machine, property-guided, and budget-aware automated testing approach for discovering logical vulnerabilities in wireless protocol implementations. Proteus maintains its budget awareness by generating test cases (i.e., each being a sequence of protocol messages) that are not only meaningful (i.e., the test case mostly follows the desirable protocol flow except for some controlled deviations) but also have a high probability of violating the desirable properties. To demonstrate its effectiveness, we evaluated Proteus in two different protocol implementations, namely 4G LTE and BLE, across 23 consumer devices (11 for 4G LTE and 12 for BLE). Proteus discovered 26 unique vulnerabilities, including 113 instances. Affected vendors have positively acknowledged 12 vulnerabilities through 5 CVEs.
Type
Publication
In the 2024 ACM SIGSAC Conference on Computer and Communications Security