• DocumentCode
    2658884
  • Title

    Extension of SPIKE for Encrypted Protocol Fuzzing

  • Author

    Biyani, Aabha ; Sharma, Gantavya ; Aghav, Jagannath ; Waradpande, Piyush ; Savaji, Purva ; Gautam, Mrityunjay

  • Author_Institution
    Dept. of Comput. Eng., Coll. of Eng., Pune, India
  • fYear
    2011
  • fDate
    4-6 Nov. 2011
  • Firstpage
    343
  • Lastpage
    347
  • Abstract
    A fuzzer is a program that attempts to find security vulnerabilities in an application by sending random or semi-random input. Fuzzers have been widely used to find vulnerabilities in protocol implementations. The implementations may conform to the design of the protocol, but most of the times some glitches might remain. As a result vulnerabilities might remain unnoticed. Consequently, different implementations of the same protocol may be vulnerable to different kind of attacks. Fuzzers help us discover such implementation flaws. Among the currently available and popular ones, SPIKE is one recognized open-source fuzzing framework. However, SPIKE has a limitation of fuzzing only non-encrypted protocols. This paper presents the extension of SPIKE, called ESPIKE, for fuzzing of encrypted protocols. ESPIKE will facilitate testing implementations of SSL encrypted protocols. As a proof of concept for efficiency of ESPIKE we demonstrate its usage on sftp and https protocol.
  • Keywords
    cryptographic protocols; program testing; ESPIKE; SPIKE; SSL encrypted protocols; encrypted protocol fuzzing; fuzzers; open-source fuzzing framework; Cryptography; Protocols; Servers; Sockets; Software; Testing; Encrypted protocols; Fuzzing; Security; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Multimedia Information Networking and Security (MINES), 2011 Third International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-1-4577-1795-6
  • Type

    conf

  • DOI
    10.1109/MINES.2011.143
  • Filename
    6103787