DocumentCode
2658884
Title
Extension of SPIKE for Encrypted Protocol Fuzzing
Author
Biyani, Aabha ; Sharma, Gantavya ; Aghav, Jagannath ; Waradpande, Piyush ; Savaji, Purva ; Gautam, Mrityunjay
Author_Institution
Dept. of Comput. Eng., Coll. of Eng., Pune, India
fYear
2011
fDate
4-6 Nov. 2011
Firstpage
343
Lastpage
347
Abstract
A fuzzer is a program that attempts to find security vulnerabilities in an application by sending random or semi-random input. Fuzzers have been widely used to find vulnerabilities in protocol implementations. The implementations may conform to the design of the protocol, but most of the times some glitches might remain. As a result vulnerabilities might remain unnoticed. Consequently, different implementations of the same protocol may be vulnerable to different kind of attacks. Fuzzers help us discover such implementation flaws. Among the currently available and popular ones, SPIKE is one recognized open-source fuzzing framework. However, SPIKE has a limitation of fuzzing only non-encrypted protocols. This paper presents the extension of SPIKE, called ESPIKE, for fuzzing of encrypted protocols. ESPIKE will facilitate testing implementations of SSL encrypted protocols. As a proof of concept for efficiency of ESPIKE we demonstrate its usage on sftp and https protocol.
Keywords
cryptographic protocols; program testing; ESPIKE; SPIKE; SSL encrypted protocols; encrypted protocol fuzzing; fuzzers; open-source fuzzing framework; Cryptography; Protocols; Servers; Sockets; Software; Testing; Encrypted protocols; Fuzzing; Security; Testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Multimedia Information Networking and Security (MINES), 2011 Third International Conference on
Conference_Location
Shanghai
Print_ISBN
978-1-4577-1795-6
Type
conf
DOI
10.1109/MINES.2011.143
Filename
6103787
Link To Document