
Web API Verifier for IoTtalk and Its Applications

  • Conference paper
Mobile Internet Security (MobiSec 2022)

Abstract

With the vigorous development of Internet of Things (IoT) applications, many applications based on IoTtalk, such as EduTalk, ScratchTalk, and other X-Talk systems, have been created in recent years. Most of them are built on Web application programming interfaces (APIs), which let web browsers transfer data to the applications. During development, however, unknown errors or unexpected results may occur. It is hard to design test cases manually that detect such flaws efficiently, and automatic testing tools often require considerable domain knowledge. This work applies fuzzing to build a graphical user interface (GUI) test system, Web API Verifier (WAV), that lets IoTtalk and X-Talk developers test their applications automatically and easily.

WAV integrates Swagger Editor and RESTler-fuzzer. From the uploaded source code, it generates draft OpenAPI documents. By filling in a few fields in the WAV GUI, developers can quickly describe the Web API specification of their applications and build the settings required for the RESTler-fuzzer test. After the test, WAV provides a GUI that displays the file location and row number of each buggy function. With WAV, users can write API documents and test their IoT applications conveniently.
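An added illustration of the workflow described above, not WAV's own code: it drafts an OpenAPI document from source and keeps each handler's file and line so a failing endpoint can be traced back to its function. It assumes Flask-style `@app.route` decorators in Python source (the abstract does not say which frameworks WAV parses), and the `x-source` extension field and all function names are hypothetical.

```python
import ast
import re
# Constructed excerpt standing in for an uploaded application module.
SAMPLE_SOURCE = '''
@app.route("/devices", methods=["GET", "POST"])
def devices():
    return "ok"

@app.route("/devices/<int:device_id>", methods=["DELETE"])
def delete_device(device_id):
    return "", 204
'''

PARAM = re.compile(r"<(?:(\w+):)?(\w+)>")      # Flask-style <converter:name>
TYPES = {"int": "integer", "float": "number"}  # anything else drafts as string

def convert_rule(rule):
    """Turn a route rule into an OpenAPI path template plus path parameters."""
    params = [{"name": name, "in": "path", "required": True,
               "schema": {"type": TYPES.get(conv, "string")}}
              for conv, name in PARAM.findall(rule)]
    return PARAM.sub(r"{\2}", rule), params

def draft_openapi(source, filename):
    """Walk the AST for @<obj>.route(...) handlers and emit a draft document."""
    paths = {}
    for node in ast.walk(ast.parse(source)):
        for dec in getattr(node, "decorator_list", []):  # only definitions have it
            if not (isinstance(dec, ast.Call) and isinstance(dec.func, ast.Attribute)
                    and dec.func.attr == "route" and dec.args
                    and isinstance(dec.args[0], ast.Constant)):
                continue
            path, params = convert_rule(dec.args[0].value)
            methods = next((ast.literal_eval(k.value) for k in dec.keywords
                            if k.arg == "methods"), ["GET"])
            for m in methods:
                paths.setdefault(path, {})[m.lower()] = {
                    "operationId": f"{m.lower()}_{node.name}",
                    "parameters": params,
                    "responses": {"default": {"description": "to be filled in"}},
                    # Hypothetical extension field: where the handler is defined.
                    "x-source": {"file": filename, "line": node.lineno},
                }
    return {"openapi": "3.0.3", "info": {"title": filename, "version": "draft"},
            "paths": paths}

def locate(spec, method, path):
    """Map a failing method and path template back to 'file:line'."""
    return "{file}:{line}".format(**spec["paths"][path][method.lower()]["x-source"])
```

The draft still needs request bodies and response schemas filled in by hand before it is useful as fuzzer input, which is the editing step the abstract assigns to the GUI.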

This work was financially supported by the Center for Open Intelligent Connectivity from The Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.



Corresponding author

Correspondence to Min-Zheng Shieh.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Lin, WY., Shieh, MZ., Lin, YB. (2023). Web API Verifier for IoTtalk and Its Applications. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_24

  • DOI: https://doi.org/10.1007/978-981-99-4430-9_24

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-4429-3

  • Online ISBN: 978-981-99-4430-9

  • eBook Packages: Computer Science (R0)
