1,357 research outputs found
Finding Bugs in Cryptographic Hash Function Implementations
Cryptographic hash functions are security-critical algorithms with many practical applications, notably in digital signatures. Developing an approach to test them can be particularly difficult, and bugs can remain unnoticed for many years. We revisit the NIST hash function competition, which was used to develop the SHA-3 standard, and apply a new testing strategy to all available reference implementations. Motivated by the cryptographic properties that a hash function should satisfy, we develop four tests. The Bit-Contribution Test checks if changes in the message affect the hash value, and the Bit-Exclusion Test checks that changes beyond the last message bit leave the hash value unchanged. We develop the Update Test to verify that messages are processed correctly in chunks, and then use combinatorial testing methods to reduce the test set size by several orders of magnitude while retaining the same fault-detection capability. Our tests detect bugs in 41 of the 86 reference implementations submitted to the SHA-3 competition, including the rediscovery of a bug in all submitted implementations of the SHA-3 finalist BLAKE. This bug remained undiscovered for seven years, and is particularly serious because it provides a simple strategy to modify the message without changing the hash value returned by the implementation. We detect these bugs using a fully-automated testing approach
A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography
Mobile devices are being deployed rapidly for both private and professional reasons. One area of that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledgegraph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release
TrusNet: Peer-to-Peer Cryptographic Authentication
Originally, the Internet was meant as a general purpose communication protocol, transferring primarily text documents between interested parties. Over time, documents expanded to include pictures, videos and even web pages. Increasingly, the Internet is being used to transfer a new kind of data which it was never designed for. In most ways, this new data type fits in naturally to the Internet, taking advantage of the near limit-less expanse of the protocol. Hardware protocols, unlike previous data types, provide a unique set security problem. Much like financial data, hardware protocols extended across the Internet must be protected with authentication. Currently, systems which do authenticate do so through a central server, utilizing a similar authentication model to the HTTPS protocol. This hierarchical model is often at odds with the needs of hardware protocols, particularly in ad-hoc networks where peer-to-peer communication is prioritized over a hierarchical model. Our project attempts to implement a peer-to-peer cryptographic authentication protocol to be used to protect hardware protocols extending over the Internet.
The TrusNet project uses public-key cryptography to authenticate nodes on a distributed network, with each node locally managing a record of the public keys of nodes which it has encountered. These keys are used to secure data transmission between nodes and to authenticate the identities of nodes. TrusNet is designed to be used on multiple different types of network interfaces, but currently only has explicit hooks for Internet Protocol connections.
As of June 2016, TrusNet has successfully achieved a basic authentication and communication protocol on Windows 7, OSX, Linux 14 and the Intel Edison. TrusNet uses RC-4 as its stream cipher and RSA as its public-key algorithm, although both of these are easily configurable. Along with the library, TrusNet also enables the building of a unit testing suite, a simple UI application designed to visualize the basics of the system and a build with hooks into the I/O pins of the Intel Edison allowing for a basic demonstration of the system
Verified Correctness and Security of mbedTLS HMAC-DRBG
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A),
and we have proved its cryptographic security--that its output is
pseudorandom--using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds on any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.Comment: Appearing in CCS '1
Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution
The main reason for the standardization of network protocols, like QUIC, is
to ensure interoperability between implementations, which poses a challenging
task. Manual tests are currently used to test the different existing
implementations for interoperability, but given the complex nature of network
protocols, it is hard to cover all possible edge cases.
State-of-the-art automated software testing techniques, such as Symbolic
Execution (SymEx), have proven themselves capable of analyzing complex
real-world software and finding hard to detect bugs. We present a SymEx-based
method for finding interoperability issues in QUIC implementations, and explore
its merit in a case study that analyzes the interoperability of picoquic and
QUANT. We find that, while SymEx is able to analyze deep interactions between
different implementations and uncovers several bugs, in order to enable
efficient interoperability testing, implementations need to provide additional
information about their current protocol state.Comment: 6 page
Exploring Formal Methods for Cryptographic Hash Function Implementations
Cryptographic hash functions are used inside many applications that critically rely on their resistance against cryptanalysis attacks and the correctness of their implementations. Nevertheless, vulnerabilities in cryptographic hash function implementations can remain unnoticed for more than a decade, as shown by the recent discovery of a buffer overflow in the implementation of SHA-3 in the eXtended Keccak Code Package (XKCP), impacting Python, PHP, and several other software projects. This paper explains how this buffer overflow vulnerability in XKCP was found. More generally, we explore the application of formal methods to the five finalist submission packages to the NIST SHA-3 competition, allowing us to (re-)discover vulnerabilities in the implementations of Keccak and BLAKE, and also discover a previously undisclosed vulnerability in the implementation of Grøstl. We also show how the same approach rediscovers a vulnerability affecting 11 out of the 12 implemented cryptographic hash functions in Apple\u27s CoreCrypto library. Our approach consists of removing certain lines of code and then using KLEE as a tool to prove functional equivalence. We discuss the advantages and limitations of our approach and hope that our attempt to consolidate some earlier approaches can lead to new insights
SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices
Trusted Execution Environments (TEEs) embedded in IoT devices provide a
deployable solution to secure IoT applications at the hardware level. By
design, in TEEs, the Trusted Operating System (Trusted OS) is the primary
component. It enables the TEE to use security-based design techniques, such as
data encryption and identity authentication. Once a Trusted OS has been
exploited, the TEE can no longer ensure security. However, Trusted OSes for IoT
devices have received little security analysis, which is challenging from
several perspectives: (1) Trusted OSes are closed-source and have an
unfavorable environment for sending test cases and collecting feedback. (2)
Trusted OSes have complex data structures and require a stateful workflow,
which limits existing vulnerability detection tools. To address the challenges,
we present SyzTrust, the first state-aware fuzzing framework for vetting the
security of resource-limited Trusted OSes. SyzTrust adopts a hardware-assisted
framework to enable fuzzing Trusted OSes directly on IoT devices as well as
tracking state and code coverage non-invasively. SyzTrust utilizes composite
feedback to guide the fuzzer to effectively explore more states as well as to
increase the code coverage. We evaluate SyzTrust on Trusted OSes from three
major vendors: Samsung, Tsinglink Cloud, and Ali Cloud. These systems run on
Cortex M23/33 MCUs, which provide the necessary abstraction for embedded TEEs.
We discovered 70 previously unknown vulnerabilities in their Trusted OSes,
receiving 10 new CVEs so far. Furthermore, compared to the baseline, SyzTrust
has demonstrated significant improvements, including 66% higher code coverage,
651% higher state coverage, and 31% improved vulnerability-finding capability.
We report all discovered new vulnerabilities to vendors and open source
SyzTrust.Comment: To appear in the IEEE Symposium on Security and Privacy (IEEE S&P)
2024, San Francisco, CA, US
- …