DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing
| Published in: | Proceedings - IEEE Symposium on Security and Privacy pp. 1481 - 1499 |
|---|---|
| Main Authors: | Ammann, Max; Hirschi, Lucca; Kremer, Steve |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 19.05.2024 |
| Subjects: | |
| ISSN: | 2375-1207 |
| Abstract | Critical and widely used cryptographic protocols have repeatedly been found to contain flaws in their design and their implementation. A prominent class of such vulnerabilities is logical attacks, e.g. attacks that exploit flawed protocol logic. Automated formal verification methods, based on the Dolev-Yao (DY) attacker, formally define and excel at finding such flaws, but operate only on abstract specification models. Fully automated verification of existing protocol implementations is today still out of reach. This leaves open whether such implementations are secure. Unfortunately, this blind spot hides numerous attacks, such as recent logical attacks on widely used TLS implementations introduced by implementation bugs. We answer by proposing a novel and effective technique that we call DY model-guided fuzzing, which precludes logical attacks against protocol implementations. The main idea is to consider as possible test cases the set of abstract DY executions of the DY attacker, and use a novel mutation-based fuzzer to explore this set. The DY fuzzer concretizes each abstract execution to test it on the program under test. This approach enables reasoning at a more structural and security-related level of messages represented as formal terms (e.g. decrypt a message and re-encrypt it with a different key) as opposed to random bit-level modifications that are much less likely to produce relevant logical adversarial behaviors. We implement a full-fledged and modular DY protocol fuzzer. We demonstrate its effectiveness by fuzzing three popular TLS implementations, resulting in the discovery of four novel vulnerabilities. |
|---|---|
| Author | Ammann, Max Hirschi, Lucca Kremer, Steve |
| Author_xml | – sequence: 1 givenname: Max surname: Ammann fullname: Ammann, Max email: max@maxammann.org organization: Independent Researcher & Trail of Bits – sequence: 2 givenname: Lucca surname: Hirschi fullname: Hirschi, Lucca email: lucca.hirschi@inria.fr organization: Inria Nancy Grand-Est Université de Lorraine, LORIA,France – sequence: 3 givenname: Steve surname: Kremer fullname: Kremer, Steve email: steve.kremer@inria.fr organization: Inria Nancy Grand-Est Université de Lorraine, LORIA,France |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DOI | 10.1109/SP54263.2024.00096 |
| Discipline | Computer Science |
| EISBN | 9798350331301 |
| EISSN | 2375-1207 |
| EndPage | 1499 |
| ExternalDocumentID | 10646658 |
| Genre | orig-research |
| ISICitedReferencesCount | 4 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| PageCount | 19 |
| PublicationCentury | 2000 |
| PublicationDate | 2024-May-19 |
| PublicationDateYYYYMMDD | 2024-05-19 |
| PublicationDate_xml | – month: 05 year: 2024 text: 2024-May-19 day: 19 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings - IEEE Symposium on Security and Privacy |
| PublicationTitleAbbrev | SP |
| PublicationYear | 2024 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| StartPage | 1481 |
| SubjectTerms | Cognition Cryptographic protocols Formal methods and verification Formal verification Fuzzing Logic Privacy Program and binary analysis Protocol security Security Systems security Test |
| Title | DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing |
| URI | https://ieeexplore.ieee.org/document/10646658 |