Title :
Extension of SPIKE for Encrypted Protocol Fuzzing
Author :
Biyani, Aabha ; Sharma, Gantavya ; Aghav, Jagannath ; Waradpande, Piyush ; Savaji, Purva ; Gautam, Mrityunjay
Author_Institution :
Dept. of Comput. Eng., Coll. of Eng., Pune, India
Abstract :
A fuzzer is a program that attempts to find security vulnerabilities in an application by sending random or semi-random input. Fuzzers have been widely used to find vulnerabilities in protocol implementations. The implementations may conform to the design of the protocol, but most of the times some glitches might remain. As a result vulnerabilities might remain unnoticed. Consequently, different implementations of the same protocol may be vulnerable to different kind of attacks. Fuzzers help us discover such implementation flaws. Among the currently available and popular ones, SPIKE is one recognized open-source fuzzing framework. However, SPIKE has a limitation of fuzzing only non-encrypted protocols. This paper presents the extension of SPIKE, called ESPIKE, for fuzzing of encrypted protocols. ESPIKE will facilitate testing implementations of SSL encrypted protocols. As a proof of concept for efficiency of ESPIKE we demonstrate its usage on sftp and https protocol.
Keywords :
cryptographic protocols; program testing; ESPIKE; SPIKE; SSL encrypted protocols; encrypted protocol fuzzing; fuzzers; open-source fuzzing framework; Cryptography; Protocols; Servers; Sockets; Software; Testing; Encrypted protocols; Fuzzing; Security; Testing;
Conference_Titel :
Multimedia Information Networking and Security (MINES), 2011 Third International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-1-4577-1795-6
DOI :
10.1109/MINES.2011.143
