DOCSLIB.ORG

Securing SSL Certificate Verification Through Dynamic Linking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Securing SSL Certificate Verification through Dynamic Linking Adam Bates Joe Pletcher Tyler Nichols CISE Dept. CIS Dept. CIS Dept. University of Florida University of Oregon University of Oregon Gainesville, FL Eugene, OR Eugene, OR adammbates@ufl.edu [email protected] [email protected] Braden Hollembaek Dave Tian Kevin R. B. Butler iSEC Partners CISE Dept. CISE Dept. Seattle, WA University of Florida University of Florida [email protected] Gainesville, FL Gainesville, FL [email protected]fl.edu butler@ufl.edu ABSTRACT 1. INTRODUCTION Recent discoveries of widespread vulnerabilities in the SSL- Internet applications have relied for years on the SSL/TLS /TLS protocol stack, particular with regard to the verifica- libraries for secure end-to-end channels, but a growing body tion of server certificates, has left the security of the In- of literature points to systemic lapses in security procedure ternet's communications in doubt. Newly proposed SSL that renders our communications insecure. The heart of trust enhancements address many of these vulnerabilities, these problems lies with the inability for clients to accurately but are slow to be deployed and do not solve the prob- authenticate the server when presented with its public-key lem of securing existing software. In this work, we pro- certificate. Certificate validation has been shown to be in- vide new mechanisms that offer immediate solutions to ad- correct at all layers of the SSL stack, from improper certifi- dressing vulnerabilities in legacy code. We introduce Cert- cate handling in libraries [7, 29], to confusion and abuse of Shim, a lightweight retrofit to SSL implementations that SSL APIs [19, 43], to applications that are broken by design protects against SSL vulnerabilities, including those sur- so that they are easier to use [17]. Moreover, high pro- veyed by Georgiev et. al. [19], in a manner that is trans- file compromises of prominent Certificate Authorities (CAs) parent to the application. We demonstrate CertShim's ex- have eroded the very foundations of the SSL trust model tensibility by adapting it to work with Convergence, DANE, [12, 18, 32]. Any one of these lapses gives rise to the threat and Client-Based Key Pinning. CertShim imposes just 20 of a Man-in-the-Middle (MitM) attack, in which an attacker ms overhead for an SSL verification call, and hooks the SSL is able to intercept and read supposedly-secure SSL traffic dependencies of 94% of Ubuntu's most popular packages in transit to or from a target website. with no changes necessary to existing applications. This While a variety of forward-thinking solutions have been work significantly increases system-wide security of SSL com- proposed in the literature [10], less attention has been paid munications in non-browser software, while simultaneously to immediate countermeasures, and ways in which we can reducing the barriers to evaluating and adopting the myriad fix the vast amount of legacy software that is vulnerable and alternative proposals to the certificate authority system. inexorably linked to the CA model. Detecting and report- ing these vulnerabilities is an inadequate solution; studies of Categories and Subject Descriptors Android SSL usage have found that up to 76% of vulnera- bilities persist for over a year [43], even once the developers C.2.0. [Computer-Communication Networks]: Gen- have been notified of confirmed vulnerabilities [17]. In the eral | Security and protection presence of aloof and unavailable developers, we must pursue alternate means of securing our Internet communications. Keywords In this paper, we consider a system-wide approach to SSL, TLS, HTTPS, public-key certificates securing negligent SSL code in non-browser software that simultaneously facilitates the immediate use of CA alter- natives and other SSL trust enhancements. We present Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed CertShim, a lightweight retrofit to existing popular SSL im- for profit or commercial advantage and that copies bear this notice and the full cita- plementations (OpenSSL, GnuTLS, and partial support for 1 tion on the first page. Copyrights for components of this work owned by others than JSSE) that acts as a shim into the validation procedure in ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- dynamically linked applications. CertShim provides appli- publish, to post on servers or to redistribute to lists, requires prior specific permission cation and domain specific handlers that force correct cer- and/or a fee. Request permissions from [email protected]. CCS’14, November 3–7, 2014, Scottsdale, Arizona, USA. 1 Copyright 2014 ACM ACM 978-1-4503-2957-6/14/11 ...$15.00. A shim is a library that transparently intercepts an API http://dx.doi.org/10.1145/2660267.2660338. and changes its parameters or operations. tificate validation on previously insecure applications. We present the design and implementation of CertShim, ana- demonstrate its practicality by incorporating a variety of lyze its features in Section 4, and evaluate its performance verification techniques including traditional CA validation, as well as coverage of real world SSL usage in Section 5. Convergence [30], DANE [23], and client-side key pinning Limitations of our approach and future work are discussed [14, 31, 37, 42], some of which were previously only avail- in Section 6, and related work is summarized in Section 7. able as experimental browser plug-ins. CertShim reduces In Section 8 we conclude. the barrier to adopting these systems by making them im- mediate candidates for system-wide deployment. 2. BACKGROUND While recent studies have made recommendations for the The SSL/TLS protocol families are largely responsible for general improvement of the SSL ecosystem, few have intro- securing the Internet's web traffic. The original SSL (Secure duced system-wide defenses to SSL vulnerabilities in legacy Socket Layers) protocols were introduced by Netscape in software. Fahl et al. modify the Android API to restrict 1995 to provide confidentiality, integrity, and identity to net- SSL misuse [17], while Conti et al. introduce MYTHIS, work communications [22]. While the foundations of SSL's a benign MitM proxy for Android that is able to defend solutions to confidentiality and integrity have withstood the against rogue access point attacks [11]. In contrast to these test of time, reliably establishing destination identity in SSL works, our platform-wide defense does not require a manu- connections has proven to be a surprisingly difficult prob- facturer update, or even administrator privileges, to be put lem. Without identity assurances, users are vulnerable to to use. We also deliver on the promise of pluggable certifi- the threat of impersonation or Man-in-the-Middle (MitM) cate verification that is left to future work by Fahl et al., attacks, in which an attacker is able to intercept and read and go a step further by showing that additional security supposedly-secure SSL traffic bound to or from a target assurances can be attained by layering multiple verification website. We still rely on Netscape's original solution, the modules. works in desktop and server environ- CertShim Certificate Authority (CA) public key infrastructure, which ments, which are considerably more complex than Android, requires that domains register with one or more CAs in ex- as various SSL implementations need be considered. Fur- change for a signed X.509 certificate. A client can then thermore, the solutions for Android experience compatibil- authenticate the server validating its certificate by using the ity issues with some programs; in contrast, we present a issuing CA's public key; obtaining this public key is a trans- policy engine that provides application- and domain-specific parent process to the client, as it is likely pre-installed into certificate handling. their operating system or web browser. We make the following contributions: Development Vulnerabilities. Good SSL code, par- • Enforce Safe Defaults on SSL: CertShim hooks ticularly with regards to certificate verification, is very dif- calls to SSL APIs in order to enforce hostname valida- ficult to correctly implement. Numerous MitM vulnerabili- tion and certificate validation. As this behavior would ties have been discovered in certificate chain validation rou- otherwise break applications that pin certificates or tines, such as null prefix attacks on Pascal strings [28, 29]. connect to domains that use self-signed certificates, we Georgiev et al's survey of SSL connection authentication ex- present a policy engine that enforces safe defaults but posed pervasive misunderstanding of certificate verification provides unique handlers based on the application and in SSL API's in non-browser software, and also drew at- destination domain. tention to many popular SSL libraries that are broken by design [19]. Fahl et al. interviewed developers to find that • Enable CA Alternatives: Existing open source ini- apps were often intentionally broken so as to allow for eas- tiatives may be slow to adopt alternative SSL trust ier development, or to support self-signed certificates [17]. models, may intentionally choose to stay with the sta- Even worse, the tomes of vulnerable SSL code that exist tus quo of certificate authorities, or may simply have today that are unlikely to ever be patched. Studies of SSL gone defunct. CertShim provides modular retrofits vulnerabilities in Android apps have found that up to 76% of that allow existing applications to use modern CA al- vulnerabilities persist for over a year [43], even once the de- ternatives. CertShim provides a means of taking the velopers have been notified of confirmed vulnerabilities [17]. consensus of multiple forms of certificate validation, Even more surprisingly, Brubaker et al. perform automated which to our knowledge is the first of its kind in the testing to uncover dramatic inconsistencies in the validation literature, allowing even stronger guarantees through routines of the major SSL libraries, some of which gave rise ensemble validation.
Recommended publications
  • Oldschool E-Mail Setup Eine Freakshow

    Oldschool E-Mail Setup Eine Freakshow

    Oldschool E-mail Setup Eine Freakshow [email protected] Chemnitzer Linuxtage, 2016 (Screenshot GMX vor >15 Jahren: Waybackmachine zu www.gmx.net) (Screenshot GMX heute) (Screenshot Gmail heute) Lösungen? ● Claws ● Mutt ● Eudora ● Netscape Navigator ● Evolution ● Opera M2 ● GMX ● Outlook ● Gnus ● SquirrelMail ● Hotmail ● The Bat! ● Hushmail ● Thunderbird ● KMail ● … Flußgrafik Email Netz MTA MRA MDA MUA MSA MTA Netz Hipster! ● KISS ● YAGNI ● DRY ● NIH ● Divide And Conquer ● Everything is a file ● No vendor lock-in ● Mißtraue Autoritäten – fördere Dezentralisierung Netz Netz Emails Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools mbox Maildir mh Client, den ich Remote verwenden kann Leicht erweiterbar Emails lokal Filter Offenes Format Adressen Netz Netz Abholen Transportformat? Pull Subject 1 Email = 1 File Keine Spuren X-List-ID Mit Hierarchien am Server Beliebige Einfaches Suchen Header Verlässliches Suchen Verarbeitung mit Unix Tools mbox Maildir mh tmp 1439306571.1269_0.elvis ~/Post/Technik/Wikitech new 1448267819.5940_0.spencer ... 1457079728.2000_0.spencer:2, cur 1456839383.9873_0.nepomuk:2,SR 1457166567.23654_0.spencer:2,S ... Client, den ich Remote verwenden kann Leicht erweiterbar Filter Adressen Netz Netz Abholen Pull Subject Maildir Keine Spuren X-List-ID am Server Beliebige Header Client, den ich Remote verwenden kann Leicht erweiterbar Filter Adressen Netz Netz Abholen Pull Subject Maildir Keine Spuren X-List-ID am Server Beliebige Header fetchmail getmail mpop ..
  • Resurrect Your Old PC

    Resurrect Your Old PC

    Resurrect your old PCs Resurrect your old PC Nostalgic for your old beige boxes? Don’t let them gather dust! Proprietary OSes force users to upgrade hardware much sooner than necessary: Neil Bothwick highlights some great ways to make your pensioned-off PCs earn their keep. ardware performance is constantly improving, and it is only natural to want the best, so we upgrade our H system from time to time and leave the old ones behind, considering them obsolete. But you don’t usually need the latest and greatest, it was only a few years ago that people were running perfectly usable systems on 500MHz CPUs and drooling over the prospect that a 1GHz CPU might actually be available quite soon. I can imagine someone writing a similar article, ten years from now, about what to do with that slow, old 4GHz eight-core system that is now gathering dust. That’s what we aim to do here, show you how you can put that old hardware to good use instead of consigning it to the scrapheap. So what are we talking about when we say older computers? The sort of spec that was popular around the turn of the century. OK, while that may be true, it does make it seem like we are talking about really old hardware. A typical entry-level machine from six or seven years ago would have had something like an 800MHz processor, Pentium 3 or similar, 128MB of RAM and a 20- 30GB hard disk. The test rig used for testing most of the software we will discuss is actually slightly lower spec, it has a 700MHz Celeron processor, because that’s what I found in the pile of computer gear I never throw away in my loft, right next to my faithful old – but non-functioning – Amiga 4000.
  • Design Document

    Design Document

    SPEC OSG Mailserver Subcommittee SPECmail2009 Benchmark Architecture White Paper Revision: v1.0 Date: 22 December 2008 Copyright © 2001-2009 Standard Performance Evaluation Corporation. All Rights Reserved. 1. Introduction 1.1 Overview SPECmail2009 is a software benchmark designed to measure a system's ability to act as an enterprise mail server servicing email requests, based on the Internet standard protocols SMTP and IMAP4. The benchmark concentrates on the workload encountered by corporate mail servers, with an overall user count in the range of 150 to 10,000 (or more) users. It models IMAP business users accessing IMAP servers over fast local area networks (LAN) instead of broadband, WAN or dialup access speeds. Two separate metrics measure e-mail servers with and without secure network connections (SSL). SPECmail2009 has been developed by the Standard Performance Evaluation Corporation (SPEC), a non-profit group of computer vendors, system integrators, universities, research organizations, publishers, and consultants. This paper discusses the benchmark principles and architecture, and the rationale behind the key design decisions. It also outlines the workload used in the benchmark, and the general steps needed to run a benchmark. However those aspects are covered in more detail in other documents. 1.2 Organization of this Paper Chapter 2 discusses the basic goals and non-goals of the benchmark. Chapter 3 introduces the two performance metrics for SPECmail2009 – IMAP sessions per hour - and how it relates to the transaction mix imposed on the system under test.. Chapter 4 explains the benchmark workload - how it was derived, how it translates into configuration parameters for the benchmark tool and size calculations for planning a benchmark, and how it relates to the benchmark metric.
  • Cyrus Mail Server 2 Table of Contents

    Cyrus Mail Server 2 Table of Contents

    Univention Corporate Server Cyrus mail server 2 Table of Contents 1. Introduction ........................................................................................................................ 4 2. Installation ......................................................................................................................... 5 3. Management of the mail server data ....................................................................................... 6 3.1. Management of mail domains ..................................................................................... 6 3.2. Assignment of e-mail addresses to users ........................................................................ 6 3.3. Management of mailing lists ....................................................................................... 7 3.4. Management of mail groups ........................................................................................ 7 3.5. Management of shared IMAP folders ........................................................................... 8 3.6. Mail quota ............................................................................................................... 9 4. Spam detection and filtering ................................................................................................ 10 5. Identification of viruses and malware .................................................................................... 11 6. Identification of Spam sources with DNS-based Blackhole Lists (DNSBL) ...................................
  • Symantec White Paper

    Symantec White Paper

    QUARTERLY REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: QUARTERLY Symantec Intelligence Quarterly July - September, 2009 Published October 2009 Technical Brief: Symantec Enterprise Security Symantec Intelligence Quarterly July - September, 2009 Contents Introduction . 1 Highlights . 2 Metrics. 2 Meeting the Challenge of Sophisticated Attacks . 8 Timeline of a zero-day event . 8 How secure are security protocols?. 11 Why attackers use packers. 14 Protection and Mitigation . 16 Appendix A—Best Practices . 18 Appendix B—Methodologies. 20 Credits . 24 Symantec Intelligence Quarterly July - September, 2009 Introduction Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network. More than 240,000 sensors in over 200 countries monitor attack activity through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, as well as additional third-party data sources. Symantec also gathers malicious code intelligence from more than 130 million client, server, and gateway systems that have deployed its antivirus products. Additionally, the Symantec distributed honeypot network collects data from around the globe, capturing previously unseen threats and attacks and providing valuable insight into attacker methods. Spam data is captured through the Symantec probe network, a system of more than 2.5 million decoy email accounts, Symantec MessageLabs™ Intelligence, and other Symantec technologies in more than 86 countries from around the globe. Over 8 billion email messages, as well as over 1 billion Web requests, are scanned per day across 16 data centers. Symantec also gathers phishing information through an extensive antifraud community of enterprises, security vendors, and more than 50 million consumers.
  • Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense

    Ten Strategies of a World-Class Cybersecurity Operations Center Conveys MITRE’S Expertise on Accumulated Expertise on Enterprise-Grade Computer Network Defense

    Bleed rule--remove from file Bleed rule--remove from file MITRE’s accumulated Ten Strategies of a World-Class Cybersecurity Operations Center conveys MITRE’s expertise on accumulated expertise on enterprise-grade computer network defense. It covers ten key qualities enterprise- grade of leading Cybersecurity Operations Centers (CSOCs), ranging from their structure and organization, computer MITRE network to processes that best enable effective and efficient operations, to approaches that extract maximum defense Ten Strategies of a World-Class value from CSOC technology investments. This book offers perspective and context for key decision Cybersecurity Operations Center points in structuring a CSOC and shows how to: • Find the right size and structure for the CSOC team Cybersecurity Operations Center a World-Class of Strategies Ten The MITRE Corporation is • Achieve effective placement within a larger organization that a not-for-profit organization enables CSOC operations that operates federally funded • Attract, retain, and grow the right staff and skills research and development • Prepare the CSOC team, technologies, and processes for agile, centers (FFRDCs). FFRDCs threat-based response are unique organizations that • Architect for large-scale data collection and analysis with a assist the U.S. government with limited budget scientific research and analysis, • Prioritize sensor placement and data feed choices across development and acquisition, enteprise systems, enclaves, networks, and perimeters and systems engineering and integration. We’re proud to have If you manage, work in, or are standing up a CSOC, this book is for you. served the public interest for It is also available on MITRE’s website, www.mitre.org. more than 50 years.
  • A Systematic Study of Cache Side Channels Across AES Implementations

    A Systematic Study of Cache Side Channels Across AES Implementations

    A Systematic Study of Cache Side Channels across AES Implementations Heiko Mantel1, Alexandra Weber1, and Boris K¨opf 2 1 Computer Science Department, TU Darmstadt, Darmstadt, Germany [email protected], [email protected] 2 IMDEA Software Institute, Madrid, Spain [email protected] Abstract While the AES algorithm is regarded as secure, many imple- mentations of AES are prone to cache side-channel attacks. The lookup tables traditionally used in AES implementations for storing precom- puted results provide speedup for encryption and decryption. How such lookup tables are used is known to affect the vulnerability to side chan- nels, but the concrete effects in actual AES implementations are not yet sufficiently well understood. In this article, we analyze and compare multiple off-the-shelf AES implementations wrt. their vulnerability to cache side-channel attacks. By applying quantitative program analysis techniques in a systematic fashion, we shed light on the influence of im- plementation techniques for AES on cache-side-channel leakage bounds. 1 Introduction The Advanced Encryption Standard (AES) is a widely used symmetric cipher that is approved by the U.S. National Security Agency for security-critical ap- plications [8]. While traditional attacks against AES are considered infeasible as of today, software implementations of AES are known to be highly suscepti- ble to cache side-channel attacks [5, 15, 18, 19, 32]. While such side channels can be avoided by bitsliced implementations [6,23], lookup-table-based implementa- tions, which aim at better performance, are often vulnerable and wide spread. To understand the vulnerability to cache side-channel attacks, recall that the 128bit version of AES relies on 10 rounds of transformations.
  • The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP Antoine Delignat-Lavaud, Inria Paris Joint Work with K

    The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP Antoine Delignat-Lavaud, Inria Paris Joint Work with K

    The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP Antoine Delignat-Lavaud, Inria Paris Joint work with K. Bhargavan, C. Fournet, A. Pionti, P.-Y. Strub INTRODUCTION Introduction Cookie Cutter Virtual Host Confusion Crossing Origin Boundaries Shared Session Cache Shared Reverse Proxies SPDY Connection Pooling Triple Handshake Conclusion Why do we need TLS? 1. Authentication – Must be talking to the right guy 2. Integrity – Our messages cannot be tampered 3. Confidentiality – Messages are only legible to participants 4. Privacy? – Can’t tell who we are and what we talk about Why do we need TLS? 1. Authentication – Must be talking to the right guy Active Attacks 2. Integrity (MitM) – Our messages cannot be tampered 3. Confidentiality – Messages are only legible to participants Passive Attacks 4. Privacy? (Wiretapping) – Can’t tell who we are and what we talk about What websites expect of TLS • Web attacker – Controls malicious websites – User visits honest and malicious sites in parallel – Web/MitB attacks: CSRF, XSS, Redirection… • Network attacker – Captures (passive) and tampers (active) packets What websites expect of TLS • Web attacker – Controls malicious websites – User visits honest and malicious sites in parallel – Web/MitB attacks: CSRF, XSS, Redirection… • Network attacker Strictly stronger – Captures (passive) and tampers (active) packets What websites expect of TLS If a website W served over HTTP is secure against a Web attacker, then serving W over HTTPS makes it secure against a network attacker. What websites expect of TLS If a website W served over HTTP is secure against a Web attacker, then serving W over HTTPS makes it secure against a network attacker.
  • Searching for Trust

    Searching for Trust

    SEARCHing for Trust Scott Rea1, TBA GOV2, TBA EDU3 1DigiCert Inc, Lindon, UT U.S.A., [email protected] 2Gov Agency, TBA, Australia, [email protected] 3University or Corporation, TBA, Australia, [email protected] ABSTRACT The security of the X.509 “oligarchy” Public Key Infrastructure for browsers and SSL web servers is under scrutiny in response to Certification Authority (CA) compromises which resulted in the circulation of fraudulent certificates. These rogue certificates can and have been used to execute Man-in-the-Middle attacks and gain access to users’ sensitive information. In wake of these events, there has been a call for change to the extent of either securing the current system or altogether replacing it with an alternative design. This panel will review the results of the research paper to be published that will explore the following proposals which have been put forth to replace or improve the CA system with the goal of aiding in the prevention and detection of MITM attacks and improving the trust infrastructure: Convergence, Perspectives, Mutually Endorsed Certification Authority Infrastructure (MECAI), DNS-Based Authentication of Named Entities (DANE), DNS Certification Authority Authorization (CAA) Resource Records, Public Key Pinning, Sovereign Keys, and Certificate Transparency. In the paper, a new metric is described that ranks each proposal according to a set of well-identified criteria and gives readers an idea of the costs and benefits of implementing the proposed system and the potential strengths and weaknesses of the design. The results of the research and the corresponding impacts for eResearchers and Government collaborators will be discussed by the panel.
  • Whither Deprecating TCP-MD5? a Light Dose of Reality Vs

    Whither Deprecating TCP-MD5? a Light Dose of Reality Vs

    Deprecating MD5 for LDP draft-nslag-mpls-deprecate-md5- 00.txt The IETF MPLS and PALS WG Chairs Our Problem • Control plane protocols are often carried over simple transport layers such as UDP or TCP. • Control planes are good targets for attack and their disruption or subversion can have serious operational consequences. • TCP RST attacks against BGP routers were the original motivation for RFC 2385, TCP-MD5. • LDP runs over TCP. • It currently uses TCP MD5 for authentication, which is no longer considered secure (see RFC 5925) • This is frequently pointed out to us when our documents go to the IESG for publication. Small Survey among operators and vendors - I • The survey was totally un-scientific, and just a small number of vendors and operators were asked. Questions could be better formulated. • Operators were asked. • If TCP-AO were available in products, would you use it? • Are you planning to deploy it? • Vendors were asked. • Do you have TCP-AO? • We will consider making a bigger and more scientific survey to send out to “everybody”. Small Survey among operators and vendors - II • Operators answered: • No plan to deploy TCP-AO as long as vendors support their MD-5 implementations. • Very few authenticated LDP sessions. • There is a cost to deploy TCP-AO. • Vendors answered: • No we don’t have TCP-AO in our products. • One vendor said that it will be available later this year. • We will not implement it until we hear from the operators that they need it. What we need • A security suit that: • Is more secure than MD5 when used over the long-lived sessions that support routing.
  • PROCEEDINGS of the ICA CONGRESS (Onl the ICA PROCEEDINGS OF

    PROCEEDINGS of the ICA CONGRESS (Onl the ICA PROCEEDINGS OF

    ine) - ISSN 2415-1599 ISSN ine) - PROCEEDINGS OF THE ICA CONGRESS (onl THE ICA PROCEEDINGS OF Page intentionaly left blank 22nd International Congress on Acoustics ICA 2016 PROCEEDINGS Editors: Federico Miyara Ernesto Accolti Vivian Pasch Nilda Vechiatti X Congreso Iberoamericano de Acústica XIV Congreso Argentino de Acústica XXVI Encontro da Sociedade Brasileira de Acústica 22nd International Congress on Acoustics ICA 2016 : Proceedings / Federico Miyara ... [et al.] ; compilado por Federico Miyara ; Ernesto Accolti. - 1a ed . - Gonnet : Asociación de Acústicos Argentinos, 2016. Libro digital, PDF Archivo Digital: descarga y online ISBN 978-987-24713-6-1 1. Acústica. 2. Acústica Arquitectónica. 3. Electroacústica. I. Miyara, Federico II. Miyara, Federico, comp. III. Accolti, Ernesto, comp. CDD 690.22 ISSN 2415-1599 ISBN 978-987-24713-6-1 © Asociación de Acústicos Argentinos Hecho el depósito que marca la ley 11.723 Disclaimer: The material, information, results, opinions, and/or views in this publication, as well as the claim for authorship and originality, are the sole responsibility of the respective author(s) of each paper, not the International Commission for Acoustics, the Federación Iberoamaricana de Acústica, the Asociación de Acústicos Argentinos or any of their employees, members, authorities, or editors. Except for the cases in which it is expressly stated, the papers have not been subject to peer review. The editors have attempted to accomplish a uniform presentation for all papers and the authors have been given the opportunity
  • Analysis of DTLS Implementations Using Protocol State Fuzzing

    Analysis of DTLS Implementations Using Protocol State Fuzzing

    Analysis of DTLS Implementations Using Protocol State Fuzzing Paul Fiterau-Brostean and Bengt Jonsson, Uppsala University; Robert Merget, Ruhr-University Bochum; Joeri de Ruiter, SIDN Labs; Konstantinos Sagonas, Uppsala University; Juraj Somorovsky, Paderborn University https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean This paper is included in the Proceedings of the 29th USENIX Security Symposium. August 12–14, 2020 978-1-939133-17-5 Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. Analysis of DTLS Implementations Using Protocol State Fuzzing Paul Fiterau-Bro¸stean˘ Bengt Jonsson Robert Merget Joeri de Ruiter Uppsala University Uppsala University Ruhr University Bochum SIDN Labs Konstantinos Sagonas Juraj Somorovsky Uppsala University Paderborn University Abstract reach 11.6 billion by 2021 [26]. This will constitute half of all devices connected to the Internet, with the percentage set to Recent years have witnessed an increasing number of proto- grow in subsequent years. Such trends also increase the need cols relying on UDP. Compared to TCP, UDP offers perfor- to ensure that software designed for these devices is properly mance advantages such as simplicity and lower latency. This scrutinized, particularly with regards to its security. has motivated its adoption in Voice over IP, tunneling techno- DTLS is also used as one of the two security protocols in logies, IoT, and novel Web protocols. To protect sensitive data WebRTC, a framework enabling real-time communication. exchange in these scenarios, the DTLS protocol has been de- WebRTC can be used, for example, to implement video con- veloped as a cryptographic variation of TLS.