
Protocol State Fuzzing of TLS Implementations

Joeri de Ruiter, Erik Poll
2015 USENIX Security Symposium  
We describe a largely automated and systematic analysis of TLS implementations by what we call 'protocol state fuzzing': we use state machine learning to infer state machines from protocol implementations  ...  This shows that protocol state fuzzing is a useful technique to systematically analyse security protocol implementations.  ...  In essence, this involves fuzzing different sequences of messages, which is why we call this approach protocol state fuzzing.  ... 
dblp:conf/uss/RuiterP15 fatcat:p45hhaaeindjtg4asa3ihw6g2a

Rollback mechanism of nested virtual machines for protocol fuzz testing

Kuniyasu Suzaki, Toshiki Yagi, Akira Tanaka, Yutaka Oiwa, Etsuya Shibayama
2014 Proceedings of the 29th Annual ACM Symposium on Applied Computing - SAC '14  
Implementations of secure protocols should be tested as exhaustively as possible. Repeated protocol fuzz testing from every reachable state is necessary and snapshot/rollback mechanism is required.  ...  The internal VM of nested VM emulates whole hardware for exact repeat of protocol handling, and the external VM and proxies work for managing the state of internal VM and packets on a wire.  ...  ACKNOWLEDGEMENT This work is supported by the National Institute of Information and Communications Technology of Japan.  ... 
doi:10.1145/2554850.2554899 dblp:conf/sac/SuzakiYTOS14 fatcat:t3e4mxccjvfk3lx2vvq4ht452e

Model-Based Grey-Box Fuzzing of Network Protocols

Yan Pan, Wei Lin, Liang Jiao, Yuefei Zhu, Irshad Azeem
2022 Security and Communication Networks  
However, the challenges of protocol fuzzing are the mutation of protocol messages and the deep interactivity of the protocol implementation.  ...  This paper proposes a model-based grey-box fuzzing approach for protocol implementations, including the server-side and client-side.  ...  Acknowledgments This work was supported by the National Key Research and Development Project of China (2019QY1300). The authors would like to express their gratitude to EditSprings (https:// www.editsprings.cn  ... 
doi:10.1155/2022/6880677 fatcat:rq63r47bd5bgtmwnpkuvxlonke

Systematic Fuzzing and Testing of TLS Libraries

Juraj Somorovsky
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
We present TLS-Attacker, an open source framework for evaluating the security of TLS libraries.  ...  Based on TLS-Attacker, we present a two-stage fuzzing approach to evaluate TLS server behavior. Our approach automatically searches for cryptographic failures and boundary violation vulnerabilities.  ...  State Machine Attacks TLS is a complex protocol containing different message flows. This results in complex state machine implementations which can contain severe security bugs.  ... 
doi:10.1145/2976749.2978411 dblp:conf/ccs/Somorovsky16 fatcat:xhpgfybnwjg4rjyvpznssqyqfy

SPFuzz: A Hierarchical Scheduling Framework For Stateful Network Protocol Fuzzing

Congxi Song, Bo Yu, Xu Zhou, Qiang Yang
2019 IEEE Access  
However, it is less efficient to fuzz the stateful protocols due to the difficulties like maintaining states and dependencies of messages.  ...  In experiments, the SPFuzz framework outperforms the existing stateful protocol fuzzing tool Boofuzz by an average of 69.12% in three granularities coverage tests.  ...  This was tested on nine implementations of the Transfer layer security (TLS) [24] protocol. Novickis [6] also took a similar approach upon OpenVPN.  ... 
doi:10.1109/access.2019.2895025 fatcat:zl2mcj5mbfd2lbsi4t7damq4ee

Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning [chapter]

Tarun Yadav, Koustav Sadhukhan
2019 Communications in Computer and Information Science  
In this paper, we analyze state machine models of TLS protocol implementation of SChannel library and describe weaknesses and design flaws in these models, found using protocol state fuzzing.  ...  We have used protocol state fuzzing to identify vulnerable and undesired state transitions in the state machine of the protocol for various versions of SChannel.  ...  In this paper, we analyze state machine models of TLS protocol implementation of SChannel library and describe weaknesses and design flaws in these models, found using protocol state fuzzing.  ... 
doi:10.1007/978-981-13-5826-5_27 fatcat:rd33xjs7jzam3mcbjx5sq2anl4

Verifying Software Vulnerabilities in IoT Cryptographic Protocols [article]

Fatimah Aljaafari and Lucas C. Cordeiro and Mustafa A. Mustafa
2020 arXiv   pre-print
However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities.  ...  We evaluate the application of EBF verification framework on a case study, i.e., the S-MQTT protocol, to check security vulnerabilities in cryptographic protocols for IoT.  ...  Our EBF method can be described as follows: (1) We symbolically execute the initial state of the cryptographic protocol implementation (e.g., the S-MQTT implementation).  ... 
arXiv:2001.09837v1 fatcat:qjjpkp7775bivnjfgtlkc2e7z4

Coverage-guided differential testing of TLS implementations based on syntax mutation

Yan Pan, Wei Lin, Yubo He, Yuefei Zhu, Licheng Wang
2022 PLoS ONE  
Meanwhile, various versions of TLS protocol implementations exhibit different behavioral characteristics.  ...  The differences of different implementations during the fuzzing process, such as code coverage and response data, are taken to guide the mutation of test cases, and the seeds are mutated based on the TLS  ...  For the protocol state machine [5, 6] , Ruiter et al. [7] modeled a state machine for implementing the TLS protocol based on the active learning method.  ... 
doi:10.1371/journal.pone.0262176 pmid:35073360 pmcid:PMC8786154 fatcat:2ol6csi32ndqhns4tuenihbuba

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Lesly-Ann Daniel, Erik Poll, Joeri de Ruiter
2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)  
We infer state machines of the server-side implementation and focus on particular phases of the protocol.  ...  Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze.  ...  Regular inference, or protocol state fuzzing, is a technique to infer a state machine from the implementation of a protocol [1] .  ... 
doi:10.1109/eurospw.2018.00009 dblp:conf/eurosp/DanielPR18 fatcat:rkijsstqzrcxzcmm53rteklowe

Analysis of DTLS Implementations Using Protocol State Fuzzing

Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, Juraj Somorovsky
2020 USENIX Security Symposium  
We present the first comprehensive analysis of DTLS implementations using protocol state fuzzing.  ...  We build a framework for applying protocol state fuzzing on DTLS servers, and use it to learn state machine models for thirteen DTLS implementations.  ...  The research was established at the Lorentz Center workshop on Systematic Analysis of Security Protocol Implementations.  ... 
dblp:conf/uss/Fiterau-Brostean20 fatcat:rtjd3ewmmbcqli2xpvtihj46hm

StateAFL: Greybox Fuzzing for Stateful Network Servers [article]

Roberto Natella
2021 arXiv   pre-print
At run-time, it infers the current protocol state of the target by analyzing snapshots of long-lived memory areas, and incrementally builds a protocol state machine for guiding fuzzing.  ...  Fuzzing network servers is a technical challenge, since the behavior of the target server depends on its state over a sequence of multiple messages.  ...  , to be tailored for the system-under-test (e.g., TLS-Attacker for the TLS protocol) [35] .  ... 
arXiv:2110.06253v1 fatcat:hhtcwz3onnbtnk45ryclwdvwka

MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Yingpei Zeng, Mingmin Lin, Shanqing Guo, Yanzhao Shen, Tingting Cui, Ting Wu, Qiuhua Zheng, Qiuhua Wang
2020 Sensors  
Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications.  ...  We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects.  ...  , like TLS-Attacker [27] for the Transport Layer Security (TLS) protocol, and MTF [37] for the Modbus protocol.  ... 
doi:10.3390/s20185194 pmid:32933082 fatcat:773wbha32vhobiopgzf56jkl7u

Stateful Greybox Fuzzing [article]

Jinsheng Ba, Marcel Böhme, Zahra Mirzamomen, Abhik Roychoudhury
2022 arXiv   pre-print
In this work, we posit that manual annotations for state identification can be avoided for stateful protocol fuzzing.  ...  We call these bugs "stateful" bugs. Usually, when we are testing a protocol implementation, we do not have a detailed formal specification of the protocol to rely upon.  ...  HVlearn [21] infers DFA-models of SSL/TLS hostname verification implementations via learning algorithms.  ... 
arXiv:2204.02545v3 fatcat:ybwwd64uhbabrjrjj7dm4drp34

SGPFuzzer: A State-Driven Smart Graybox Protocol Fuzzer for Network Protocol Implementations

Yingchao Yu, Zuoning Chen, Shuitao Gan, Xiaofeng Wang
2020 IEEE Access  
As one of the most widely used technologies in software testing, fuzzing technology has been applied to network protocol vulnerability detection, and various network protocol fuzzers have been proposed  ...  In this study, we first analyze and summarize some typical network protocol fuzzers to highlight the challenges when addressing stateful network protocol fuzzing.  ...  Our stateful fuzzer design, in contrast, learns the state space of a stateful network protocol implementation; moreover, it records the state-state transitions triggered by fuzzing.  ... 
doi:10.1109/access.2020.3025037 fatcat:77anseyuv5dthc46aytphitqtu

Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws

Erik Poll, Joeri De Ruiter, Aleksy Schubert
2015 IEEE Security and Privacy Workshops  
As a way to improve this situation, we discuss the possibility to automatically infer formal specifications of such languages, in the form of protocol state machines, from implementations by black box  ...  Often an input language not only involves a language of individual messages, but also some protocol with a notion of a session, i.e. a sequence of messages that makes up a dialogue between two parties.  ...  We also thank Julien Vanegue and Sergey Bratus for their feedback on earlier versions of this paper.  ... 
doi:10.1109/spw.2015.32 dblp:conf/sp/PollRS15 fatcat:ewealcbccnftnf4p6q4to7woga