
Maximizing and Leveraging Behavioral Discrepancies in TLS Implementations using Response-Guided Differential Fuzzing

The Transport Layer Security (TLS) protocol is a cornerstone of secure network communication, not only for online banking, e-commerce, and social media, but also for industrial communication and cyber-physical systems. Unfortunately, implementing TLS correctly is very challenging, as becomes evident by considering the high frequency of bugfixes filed for many TLS implementations. Given the high significance of TLS, advancing the quality of implementations is a sustained pursuit. We strive to support these efforts by presenting a novel, response-distribution guided fuzzing algorithm for differential testing of black-box TLS implementations. Our algorithm generates highly diverse and mostly-valid TLS stimulation messages, which evoke more behavioral discrepancies in TLS server implementations than other algorithms. We evaluate our algorithm using 37 different TLS implementations and discuss―by means of a case study―how the resulting data allows to assess and improve not only implementations of TLS but also to identify underspecified corner cases. We introduce suspiciousness as a per-implementation metric of anomalous implementation behavior and find that more recent or bug-fixed implementations tend to have a lower suspiciousness score. Our contribution is complementary to existing tools and approaches in the area, and can help reveal implementation flaws and avoid regression. While being presented for TLS, we expect our algorithm's guidance scheme to be applicable and useful also in other contexts.
Source code and data is made available for fellow researchers in order to stimulate discussions and invite others to benefit from and advance our work.

Metadata
Document Type: Conference Proceeding
Conference Type: Conference Article
Citation link: https://opus.hs-offenburg.de/3259
Bibliographic Information
Title (English): Maximizing and Leveraging Behavioral Discrepancies in TLS Implementations using Response-Guided Differential Fuzzing
Conference: 52nd IEEE International Carnahan Conference on Security Technology (ICCST 2018), 22-25 October 2018, Montréal, Canada
Author: Andreas Walz, Axel Sikora
Year of Publication: 2018
Contributing Corporation: IEEE
Page Number: 5
Parent Title (English): 2018 International Carnahan Conference on Security Technology (ICCST)
ISBN: 978-1-5386-7931-9 (digital)
ISBN: 978-1-5386-7930-2 (USB)
ISBN: 978-1-5386-7932-6 (Print on Demand)
ISSN: 2153-0742 (digital)
ISSN: 1071-6572 (Print on Demand)
DOI: https://doi.org/10.1109/CCST.2018.8585565
Language: English
Content Information
Institutes: Forschung / ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik
Fakultät Elektrotechnik und Informationstechnik (E+I) (until 03/2019)
Institutes: Bibliography
Formal Information
Open Access: Closed Access
Licence (German): Protected by copyright