Authors:
Fatayer, Tamer S. ; Khattab, Sherif ; Omara, Fatma A.
Abstract:
Exploiting software vulnerabilities, such as stack overflows, heap overflows, and format string bugs, enables attackers to break into victim machines. Moreover, attackers tend to use obfuscation techniques, such as encryption, to evade intrusion detection systems. In this paper, we show that a common stack-overflow attack, namely the return-to-libc attack, coupled with a common defense, namely Address Space Layout Randomization (ASLR), together allow for constructing a key-agreement protocol by which two entities (e.g., a Trojan and a controller) agree on a shared key; the shared key can then be used to encrypt further communication. We have developed a prototype of our key-agreement protocol to evaluate its feasibility and performance. Our results show that both the time overhead and the message overhead of our protocol are linear in the key length. Although our key-agreement protocol can be used by attackers for malicious purposes, it has low computation overhead, making it a candidate for adoption on CPU-constrained platforms.