Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning
In: Communications in Computer and Information Science ISBN: 9789811358258 SSCC; (2019)
Online
unknown
Zugriff:
TLS protocol is an essential part of secure Internet communication. In the past, many attacks have been identified on the protocol. Most of these attacks are not due to design flaws of the protocol, but due to flaws in specific implementation of protocol. One of the widely used implementation of TLS is SChannel which is used in Windows operating system since its inception. In this paper, we have used “protocol state fuzzing” to identify vulnerable and undesired state transitions in the state machine models of the protocol for various versions of SChannel. The technique of protocol state fuzzing has been implemented using query based state machine learning. The client as well as server components have been analyzed thoroughly using this technique and various flaws have been discovered in the implementation. Exploitation of these flaws under specific circumstances may lead to serious attacks which have potential to disrupt secure communication.
Titel: |
Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning
|
---|---|
Autor/in / Beteiligte Person: | Yadav, Tarun ; Sadhukhan, Koustav |
Link: | |
Quelle: | Communications in Computer and Information Science ISBN: 9789811358258 SSCC; (2019) |
Veröffentlichung: | Springer Singapore, 2019 |
Medientyp: | unknown |
DOI: | 10.1007/978-981-13-5826-5_27 |
Schlagwort: |
|
Sonstiges: |
|