Abstract
With the vigorous development of Internet of Things (IoT) applications, many IoT applications based on IoTtalk, such as EduTalk, ScratchTalk, and other X-Talk systems, have been created in recent years. Most of these IoT applications are developed using Web application programming interfaces (APIs), which enable web browsers to transfer data to the applications. During development, however, unknown errors or unexpected results may occur. Designing test cases manually to detect such flaws efficiently is hard, and automatic testing tools often require considerable domain knowledge. This work applies fuzzing to develop a test system with a graphical user interface (GUI), the Web API Verifier (WAV), which lets IoTtalk and X-Talk developers test their applications automatically and easily.
WAV integrates Swagger Editor and RESTler-fuzzer. From the uploaded source code, it generates corresponding draft OpenAPI documents. By filling in several fields in the WAV GUI, developers can quickly describe the Web API specification of their applications and build the settings required for the RESTler-fuzzer test. After the test, WAV provides a GUI displaying the file location and line number of each buggy function. With WAV, users can write API documents and test their IoT applications conveniently.
This work was financially supported by the Center for Open Intelligent Connectivity from The Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Lin, WY., Shieh, MZ., Lin, YB. (2023). Web API Verifier for IoTtalk and Its Applications. In: You, I., Kim, H., Angin, P. (eds) Mobile Internet Security. MobiSec 2022. Communications in Computer and Information Science, vol 1644. Springer, Singapore. https://doi.org/10.1007/978-981-99-4430-9_24
DOI: https://doi.org/10.1007/978-981-99-4430-9_24
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-4429-3
Online ISBN: 978-981-99-4430-9
eBook Packages: Computer Science (R0)