36 research outputs found

    BGP Module Documentation for the PYenca Agent

    This documentation presents the design, implementation ideas, and some features and capabilities added to the NETCONF protocol through the BGP implementation process. It also explains a resulting library created for this implementation to transform from the data device to the XML design and backward, which could be used for the implementation of new modules.

    Technical Report: Stateful Fuzzer

    With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable of self-improving and of tracking the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market-leading and well-known equipment and software.

    KiF: A stateful SIP Fuzzer

    With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable of self-improving and of tracking the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market-leading and well-known equipment and software.

    Advanced Network Fingerprinting

    Security assessment tasks and intrusion detection systems rely on automated fingerprinting of devices and services. Most current fingerprinting approaches use a signature matching scheme, where a set of signatures is compared with traffic issued by an unknown entity. The entity is identified by finding the closest match with the stored signatures. These fingerprinting signatures are found mostly manually, requiring laborious work and advanced domain-specific expertise. In this paper we describe a novel approach to automate this process and build flexible and efficient fingerprinting systems able to identify the source entity of messages in the network. We follow a passive approach without the need to interact with the tested device. Application-level traffic is captured passively and inherent structural features are used for the classification process. We describe and assess a new technique for the automated extraction of protocol fingerprints based on arborescent features extracted from the underlying grammar. We have successfully applied our technique to the Session Initiation Protocol (SIP) used in Voice over IP signalling.

    Fuzzing dans la sphère VoIP (Fuzzing in the VoIP Sphere)

    Voice over IP (VoIP) is establishing itself today as one of the key technologies of the current and future Internet. In this article, we share the practical experience acquired over the last two years by our research team on automating vulnerability discovery processes in the VoIP world. We paint a relatively dark picture of the current security of the VoIP sphere by presenting the most dangerous vulnerabilities, capable of leading to the compromise of entire networks. All the vulnerabilities presented in this article were published by our research team and were discovered using our own fuzzing software suite called KIF. Every vulnerability presented in the article is also accompanied by a presentation of a solution for protecting against it.

    Assessment of security extended XML-based Management

    The emergence of new management paradigms having XML as a core foundation block demands a comprehensive analysis of their security and performance issues. This paper presents an extension to the existing NetConf protocol. This extension consists of a security architecture and some advanced XML-specific features. We describe a series of experiments addressing the performance and operational aspects of our developed implementation and provide grounded answers to issues of significant relevance to the research community.

    Behavioral and Temporal Fingerprinting

    This paper addresses the fingerprinting of communication protocols based on temporal and behavioral information. The objective of fingerprinting a device speaking a given protocol is to uniquely identify the device by looking at captured traffic that is generated by devices implementing that protocol. This paper proposes a conceptual model for capturing behavior and related temporal information from devices that implement a given protocol. Our key contribution is a fingerprinting scheme, where individual fingerprints are represented by tree-based temporal finite state machines. We have developed a fingerprinting scheme that leverages supervised learning approaches based on support vector machines for this purpose. We have validated the proposed approach on the Session Initiation Protocol and concluded that very good classification performance is achieved.

    PTF: Passive Temporal Fingerprinting

    We describe in this paper a tool named PTF (Passive and Temporal Fingerprinting) for fingerprinting network devices. The objective of device fingerprinting is to uniquely identify device types by looking at captured traffic from devices implementing that protocol. The main novelty of our approach consists in leveraging both temporal and behavioral features for this purpose. The key contribution is a fingerprinting scheme, where individual fingerprints are represented by tree-based temporal finite state machines. We have developed a fingerprinting scheme that leverages supervised learning approaches based on support vector machines for this purpose.

    Advanced Fingerprinting For Inventory Management

    Identifying the protocol stack or the device version of remote equipment is a powerful tool for security assessment and network management. This paper proposes two novel fingerprinting techniques based on the syntactic tree representation of messages. The first leverages the support vector machines paradigm and needs a learning stage, while the second one is executed in an unsupervised manner thanks to a new classification algorithm. The approaches are validated through extensive experimentation and show very good behaviors.

    Spectral Fuzzing: Evaluation & Feedback

    This paper presents an instrumentation framework for assessing and improving fuzzing, a powerful technique to rapidly detect software vulnerabilities. We address the major current limitation of fuzzing techniques, namely the absence of evaluation metrics and the absence of automated quality assessment techniques for fuzzing approaches. We treat the fuzzing process as a signal and show how derived measures like power and entropy can give an insightful perspective on a fuzzing process. We demonstrate how this perspective can be used to compare the efficiency of several fuzzers, derive stopping conditions for a fuzzing process, or help to identify good candidates for input data. We show through the Linux implementation of our instrumentation framework how the approach was successfully used to assess two different fuzzers on real applications. Our instrumentation framework leverages a tainted data approach and uses data lifetime tracing with an underlying tainted data graph structure.