Building Hardened IoT Implementations With LangSec

Explore the principles of Language-theoretic security (LangSec) and its application in building robust IoT implementations in this conference talk from nullcon Goa 2019. Delve into the importance of separating input recognition from processing to prevent parser bugs and enhance code auditability. Learn about the parser combinator library Hammer and its role in constructing secure applications. Discover techniques for generating test cases from parser combinator inputs to thoroughly evaluate implementation correctness. Examine a practical demonstration of these concepts applied to the AMQP protocol, widely used in industrial IoT systems, and compare its effectiveness against popular fuzzers like AFL and libfuzzer. Gain insights from Ph.D. student Prashant Anantharaman's research on IoT security, applied cryptography, and input-handling methodologies for both documented and undocumented protocol implementations.