Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers

Research Article

: Stateful Black-Box Fuzzing of Proprietary Network Protocols

  • @INPROCEEDINGS{10.1007/978-3-319-28865-9_18,
        author={Hugo Gascon and Christian Wressnegger and Fabian Yamaguchi and Daniel Arp and Konrad Rieck},
        title={: Stateful Black-Box Fuzzing of Proprietary Network Protocols},
        proceedings={Security and Privacy in Communication Networks. 11th International Conference, SecureComm 2015, Dallas, TX, USA, October 26-29, 2015, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2016},
        month={2},
        keywords={Model-based fuzzing, Vulnerability discovery, Protocol reverse engineering},
        doi={10.1007/978-3-319-28865-9_18}
    }

  • Hugo Gascon
    Christian Wressnegger
    Fabian Yamaguchi
    Daniel Arp
    Konrad Rieck
    Year: 2016
    : Stateful Black-Box Fuzzing of Proprietary Network Protocols
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-28865-9_18
Hugo Gascon1,*, Christian Wressnegger1,*, Fabian Yamaguchi1,*, Daniel Arp1,*, Konrad Rieck1,*
  • 1: University of Göttingen
*Contact email: hgascon@uni-goettingen.de, christian.wressnegger@uni-goettingen.de, fabian.yamaguchi@uni-goettingen.de, darp@uni-goettingen.de, konrad.rieck@uni-goettingen.de

Abstract

The security of network services and their protocols critically depends on minimizing their attack surface. A single flaw in an implementation can suffice to compromise a service and expose sensitive data to an attacker. The discovery of vulnerabilities in protocol implementations, however, is a challenging task: while for standard protocols this process can be conducted with regular techniques for auditing, the situation becomes difficult for proprietary protocols if neither the program code nor the specification of the protocol is easily accessible. As a result, vulnerabilities in closed-source implementations can often remain undiscovered for a longer period of time. In this paper, we present , a method for stateful black-box fuzzing of proprietary network protocols. Our method combines concepts from fuzz testing with techniques for automatic protocol reverse engineering and simulation. It proceeds by observing the traffic of a proprietary protocol and inferring a generative model for message formats and protocol states that can not only analyze but also simulate communication. During fuzzing, this simulation can effectively explore the protocol state space and thereby enables uncovering vulnerabilities deep inside the protocol implementation. We demonstrate the efficacy of in two case studies, where it identifies known as well as unknown vulnerabilities.