TY - JOUR U1 - Zeitschriftenartikel, wissenschaftlich - begutachtet (reviewed) A1 - Walz, Andreas A1 - Sikora, Axel T1 - Exploiting Dissent: Towards Fuzzing-based Differential Black Box Testing of TLS Implementations JF - IEEE Transactions on Dependable and Secure Computing N2 - The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on the internet. Yet do implementations of TLS keep on suffering from bugs and security vulnerabilities. In large part is this due to the protocol's complexity which makes implementing and testing TLS notoriously difficult. In this paper, we present our work on using differential testing as effective means to detect issues in black-box implementations of the TLS handshake protocol. We introduce a novel fuzzing algorithm for generating large and diverse corpuses of mostly-valid TLS handshake messages. Stimulating TLS servers when expecting a ClientHello message, we find messages generated with our algorithm to induce more response discrepancies and to achieve a higher code coverage than those generated with American Fuzzy Lop, TLS-Attacker, or NEZHA. In particular, we apply our approach to OpenssL, BoringSSL, WolfSSL, mbedTLS, and MatrixSSL, and find several real implementation bugs; among them a serious vulnerability in MatrixSSL 3.8.4. Besides do our findings point to imprecision in the TLS specification. We see our approach as present in this paper as the first step towards fully interactive differential testing of black-box TLS protocol implementations. Our software tools are publicly available as open source projects. KW - Flugdatenregistriergerät KW - Dissens KW - Terrestrisches Laserscanning Y1 - 2017 SN - 1545-5971 SS - 1545-5971 U6 - https://dx.doi.org/10.1109/TDSC.2017.2763947 DO - https://dx.doi.org/10.1109/TDSC.2017.2763947 SP - 1 EP - 14 ER - TY - JOUR U1 - Zeitschriftenartikel, wissenschaftlich - begutachtet (reviewed) A1 - Nsiah, Kofi Atta A1 - Sikora, Axel A1 - Walz, Andreas A1 - Yushev, Artem T1 - Embedded TLS1.2 Implementation for Smart Metering & Smart Grid Applications JF - Journal of Electronic Science and Technology N2 - Digital networked communications are the key to all Internet-of-Things applications, especially to smart metering systems and the smart grid. In order to ensure a safe operation of systems and the privacy of users, the transport layer security (TLS) protocol, a mature and well standardized solution for secure communications, may be used. We implemented the TLS protocol in its latest version in a way suitable for embedded and resource-constrained systems. This paper outlines the challenges and opportunities of deploying TLS in smart metering and smart grid applications and presents performance results of our TLS implementation. Our analysis shows that given an appropriate implementation and configuration, deploying TLS in constrained smart metering systems is possible with acceptable overhead. KW - Intelligentes Stromnetz KW - Eingebettetes System Y1 - 2015 SN - 1674-862X SS - 1674-862X U6 - https://dx.doi.org/10.11989/JEST.1674-862X.506251 DO - https://dx.doi.org/10.11989/JEST.1674-862X.506251 VL - 13 IS - 4 SP - 373 EP - 378 ER -