Exploiting Dissent: Towards Fuzzing-Based Differential Black-Box Testing of TLS Implementations

Walz Andreas; Sikora Axel

首页> 外文期刊>IEEE transactions on dependable and secure computing >Exploiting Dissent: Towards Fuzzing-Based Differential Black-Box Testing of TLS Implementations

【24h】

Exploiting Dissent: Towards Fuzzing-Based Differential Black-Box Testing of TLS Implementations

机译：利用异议：朝着基于模糊的TLS实现的差动黑盒测试

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on the internet. Yet do implementations of TLS keep on suffering from bugs and security vulnerabilities. In large part is this due to the protocol's complexity which makes implementing and testing TLS notoriously difficult. In this paper, we present our work on using differential testing as effective means to detect issues in black-box implementations of the TLS handshake protocol. We introduce a novel fuzzing algorithm for generating large and diverse corpuses of mostly-valid TLS handshake messages. Stimulating TLS servers when expecting a ClientHello message, we find messages generated with our algorithm to induce more response discrepancies and to achieve a higher code coverage than those generated with American Fuzzy Lop, TLS-Attacker, or NEZHA. In particular, we apply our approach to OpenSSL, BoringSSL, WolfSSL, mbedTLS, and MatrixSSL, and find several real implementation bugs; among them a serious vulnerability in MatrixSSL 3.8.4. Besides do our findings point to imprecision in the TLS specification. We see our approach as presented in this paper as the first step towards fully interactive differential testing of black-box TLS protocol implementations. Our software tools are publicly available as open source projects.

机译：传输层安全性（TLS）协议是Internet上使用最广泛使用的安全协议之一。然而，TLS的实施继续患有错误和安全漏洞。在很大程度上是这样，由于议定书的复杂性，这使得难以困难地实现和测试TL。在本文中，我们在使用差动测试作为检测TLS握手协议的黑匣子实现中的有效手段的有效手段的工作。我们介绍了一种新颖的模糊算法，用于产生大多数有效的TLS握手消息的大型和多样化的核心。在期待ClientHello消息时刺激TLS服务器，我们发现使用算法生成的消息，以引起更多响应差异，并实现比使用美国模糊源，TLS攻击者或Nezha产生的更高的代码覆盖。特别是，我们将我们的方法应用于OpenSSL，Boringsl，Wolfssl，Medtls和MatrixSL，并找到了几个真实的实现错误;其中在矩阵中的严重漏洞3.8.4。除了我们的发现表明TLS规范中的不精确。我们认为我们的方法如本文所展示的黑盒TLS协议实现完全交互差分测试的第一步。我们的软件工具被公开可用作开源项目。

著录项

来源
《IEEE transactions on dependable and secure computing》 |2020年第2期|278-291|共14页
作者
Walz Andreas; Sikora Axel;
展开▼
作者单位

Offenburg Univ Appl Sci Inst Reliable Embedded Syst & Commun Elect IvESK D-77652 Offenburg Germany;

Offenburg Univ Appl Sci Inst Reliable Embedded Syst & Commun Elect IvESK D-77652 Offenburg Germany;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
Protocols; Testing; Computer bugs; Cryptography; Servers; Complexity theory; TLS; network security; cryptographic protocols; fuzzing; differential testing;

机译：协议;测试;计算机错误;加密;服务器;复杂性理论;TLS;网络安全;加密协议;模糊;差异测试;

相似文献

外文文献
中文文献
专利

1. Differential Testing of Certificate Validation in SSL/TLS Implementations: An RFC-guided Approach [J] . Tian Cong, Chen Chu, Duan Zhenhua, ACM transactions on software engineering and methodology . 2019,第4期

机译：SSL / TLS实施中证书验证的差异测试：RFC指导的方法
2. Sequential injections as an alternative to gradient exploitation for implementing differential kinetic analysis in a flow injection system [J] . Fortes P.R., Feres M.A., Zagatto E.A.G., Talanta: The International Journal of Pure and Applied Analytical Chemistry . 2010,第4a5期

机译：顺序注入是梯度开发的替代方法，用于在流动注入系统中执行差分动力学分析
3. Differential expression of the TL1A/DcR3 system of TNF/TNFR-like proteins in large vs. small intestinal Crohn's disease [J] . BamiasG., KaltsaG., SiakavellasS.I., Digestive and liver disease: official journal of the Italian Society of Gastroenterology and the Italian Association for the Study of the Liver . 2012,第1期

机译：TNF / TNFR样蛋白的TL1A / DcR3系统在大肠和小肠克罗恩病中的差异表达
4. SADT: Syntax-Aware Differential Testing of Certificate Validation in SSL/TLS Implementations [C] . Lili Quan, Qianyu Guo, Hongxu Chen, IEEE/ACM International Conference on Automated Software Engineering . 2020

机译：SADT：SSL / TLS实现中证书验证的语法感知差异测试
5. Enhancing Directed Search in Black-box, Grey-box and White-box Fuzz Testing [D] . Pham, Van-Thuan. 2017

机译：在黑盒，灰盒和白盒模糊测试中增强定向搜索
6. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations [O] . Chad Brubaker, Suman Jana, Baishakhi Ray, -1

机译：在SSL / TLS实施中使用Frankencerts对证书验证进行自动对抗测试
7. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations [O] . Chad Brubaker, Suman Jana, Baishakhi Ray, 2014

机译：在SSL / TLS实施中使用Frankencerts对证书验证进行自动对抗测试

Exploiting Dissent: Towards Fuzzing-Based Differential Black-Box Testing of TLS Implementations

摘要

著录项

相似文献

相关主题

期刊订阅