Testing Embedded TLS Implementations Using Fuzzing Techniques and Differential Testing
- Security in IT systems, particularly in embedded devices like Cyber Physical Systems (CPSs), has become an important matter of concern as it is the prerequisite for ensuring privacy and safety. Among a multitude of existing security measures, the Transport Layer Security (TLS) protocol family offers mature and standardized means for establishing secure communication channels over insecureSecurity in IT systems, particularly in embedded devices like Cyber Physical Systems (CPSs), has become an important matter of concern as it is the prerequisite for ensuring privacy and safety. Among a multitude of existing security measures, the Transport Layer Security (TLS) protocol family offers mature and standardized means for establishing secure communication channels over insecure transport media. In the context of classical IT infrastructure, its security with regard to protocol and implementation attacks has been subject to extensive research. As TLS protocols find their way into embedded environments, we consider the security and robustness of implementations of these protocols specifically in the light of the peculiarities of embedded systems. We present an approach for systematically checking the security and robustness of such implementations using fuzzing techniques and differential testing. In spite of its origin in testing TLS implementations we expect our approach to likewise be applicable to implementations of other cryptographic protocols with moderate efforts.…
Document Type: | Conference Proceeding |
---|---|
Conference Type: | Konferenzartikel |
Zitierlink: | https://opus.hs-offenburg.de/7158 | Bibliografische Angaben |
Title (English): | Testing Embedded TLS Implementations Using Fuzzing Techniques and Differential Testing |
Conference: | Baden-Württemberg Center of Applied Research Symposium on Information and Communication Systems (2. : 13. November 2015 : Konstanz) |
Author: | Andreas WalzORCiD, Axel SikoraStaff MemberORCiDGND |
Year of Publication: | 2015 |
Creating Corporation: | SInCom |
Contributing Corporation: | Hochschule Konstanz |
First Page: | 36 |
Last Page: | 40 |
Parent Title (English): | 2nd Baden-Württemberg Center of Applied Research Symposium on Information and Communication Systems - SInCom 2015 |
Editor: | Dirk Benyoucef, Jürgen Freudenberger |
ISBN: | 978-3-00-051859-1 |
URL: | https://opus.htwg-konstanz.de/frontdoor/deliver/index/docId/444/file/proceedingsSInCom2015.pdf |
Language: | English | Inhaltliche Informationen |
Institutes: | Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) |
Institutes: | Bibliografie | Formale Angaben |
Open Access: | Open Access |
Bronze | |
Licence (German): | Urheberrechtlich geschützt |