Systematic Fuzzing and Testing of TLS Libraries

Presented at DeepSec 2016 „Ten“

We present TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, we first developed a two-stage TLS fuzzing approach. Our approach automatically searches for cryptographic failures and boundary violation vulnerabilities. It allowed us to find unusual padding oracle vulnerabilities and overflows/overreads in widely used TLS libraries, including OpenSSL, Botan, and MatrixSSL. Our findings encourage the use of comprehensive test suites for the evaluation of TLS libraries, including positive as well as negative tests. We used TLS-Attacker to create such a test suite framework, which finds further problems in TLS libraries. TLS-Attacker is an open source tool, and is currently being deployed for internal tests in Botan and MatrixSSL.

Presenters:

  • Juraj Somorovsky - Hackmanit GmbH / Ruhr University Bochum
    Dr. Juraj Somorovsky is a security researcher at the Ruhr University Bochum and co-founder of Hackmanit GmbH. He is a co-author of several TLS attacks (e.g., DROWN) and the main developer of a flexible tool for TLS analyses: TLS-Attacker (https://github.com/RUB-NDS/TLS-Attacker). He has presented his work at many scientific and industry conferences, including USENIX Security, Black Hat, DeepSec and OWASP Europe.
