Extension of SPIKE for Encrypted Protocol Fuzzing

Biyani, Aabha; Sharma, Gantavya; Aghav, Jagannath; Waradpande, Piyush; Savaji, Purva; Gautam, Mrityunjay

doi:10.1109/mines.2011.143

Cited by 4 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Fuzzing can detect implementation level flaws, but it cannot find design issues. For example, fuzzing can detect buffer overflow, but it cannot detect the use of weak encryption algorithm [15]. In terms of cryptographic protocols, we can fuzz a running protocol that uses encryption with invalid packets and check the connection behavior of the client and server.…”

Section: Fuzzingmentioning

confidence: 99%

“…One of the weaknesses of CDF is that it provides limited detection of timing leaks. ESPIKE [15] is another fuzzing tool, which is an extension of SPIKE; it is designed to handle encrypted protocols by sending all the SPIKE data through the SSL layer. The limitation of SPIKE is that it is only valid for the protocols that are already compatible with SPIKE.…”

Section: Limitations Related Work and Future Directionsmentioning

confidence: 99%

See 1 more Smart Citation

Verifying Software Vulnerabilities in IoT Cryptographic Protocols

Fatimah¹,

Cordeiro²,

Mustafa³

2020

Preprint

View full text Add to dashboard Cite

Internet of Things (IoT) is a system that consists of a large number of smart devices connected through a network. The number of these devices is increasing rapidly, which creates a massive and complex network with a vast amount of data communicated over that network. One way to protect this data in transit, i.e., to achieve data confidentiality, is to use lightweight encryption algorithms for IoT protocols. However, the design and implementation of such protocols is an error-prone task; flaws in the implementation can lead to devastating security vulnerabilities. These vulnerabilities can be exploited by an attacker and affect users' privacy. There exist various techniques to verify software and detect vulnerabilities. Bounded Model Checking (BMC) and Fuzzing are useful techniques to check the correctness of a software system concerning its specifications. Here we describe a framework called Encryption-BMC and Fuzzing (EBF) using combined BMC and fuzzing techniques. We evaluate the application of EBF verification framework on a case study, i.e., the S-MQTT protocol, to check security vulnerabilities in cryptographic protocols for IoT. PRELIMINARIES 2.1 Lightweight cryptographic protocols for IoT devicesLightweight encryption is suggested as a concept to handle security in resource constraint devices such as IoT devices [32]. This

show abstract

Section: Fuzzingmentioning

confidence: 99%

Section: Limitations Related Work and Future Directionsmentioning

confidence: 99%

Verifying Software Vulnerabilities in IoT Cryptographic Protocols

Fatimah¹,

Cordeiro²,

Mustafa³

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…From 2002 till now, fuzz testing tools emerge in an endless stream, and they are oriented to different aspects. For example, the browser-oriented managleme [10], the FileFuzz [11] and SPIKEfile [12] are designed for the format file. After that, the focus of fuzz testing shifts to the framework optimization.…”

Section: Fuzz Testingmentioning

confidence: 99%

Research on Fuzz Testing Framework based on Concolic Execution

Xie¹,

Chen²

2018

dtcse

View full text Add to dashboard Cite

1Vulnerability discovery technology is a significant aspect of the current. The work of this paper is to design and realize a fuzz framework based on concolic execution using C++. This framework is composed of instrumentation module, path constraint generation module and solver module. To improve the efficiency, the traditional technology method was optimized. It avoids the problem of path explosion that when an external call occurs. The experimental results show that our framework can trigger vulnerabilities successfully and expand code coverage.

show abstract