A Survey of Automatic Protocol Reverse Engineering Tools

Narayan, John; Shukla, Sandeep K.; Clancy, T. Charles

doi:10.1145/2840724

Cited by 69 publications

(41 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The idea of using regular inference to analyse implementations of security protocols dates back to at least Shu and Lee [19]. An extensive survey of this and other techniques to reverse engineer protocol implementations has been given by Narayan et al [20].…”

Section: Related Work In Protocol State Fuzzingmentioning

confidence: 99%

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Daniel

Poll²,

Ruiter³

2018

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.

show abstract

Section: Related Work In Protocol State Fuzzingmentioning

confidence: 99%

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Daniel

Poll²,

Ruiter³

2018

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

View full text Add to dashboard Cite

show abstract

“…This method is especially useful when a file to execute the protocol is unavailable because it only requires a system implementing the protocol to be running, even if it is not running locally. The work in [13] surveys Automatic Protocol Reverse Engineering Tools using this approach. Those tools seem to be mostly academic; a commercial one is VISUALETHER PROTOCOL ANALYZER 7.0 13 , which uses the output of Wireshark (a network protocol analyzer) to generate sequence and callflow diagrams.…”

Section: Related Tools and Approachesmentioning

confidence: 99%

“…The work in [13] surveys Automatic Protocol Reverse Engineering Tools using this approach. Those tools seem to be mostly academic; a commercial one is VISUALETHER PROTOCOL ANALYZER 7.0 13 , which uses the output of Wireshark (a network protocol analyzer) to generate sequence and callflow diagrams. Avalle et al [14] survey state-of-the-art research aimed at automatically getting formal security proofs of models close to the source code of real protocol-logic implementations.…”

Section: Related Tools and Approachesmentioning

confidence: 99%

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Sandoval

Lenzini

2018

2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

Abstract-Often, analysts have to face a challenging situation when formally verifying the implementation of a security protocol: they need to build a model of the protocol from only poorly or not documented code, and with little or no help from the developers to better understand it. Security protocols implementations frequently use services provided by libraries coded in the C programming language; automatic tools for codelevel reverse engineering offer good support to comprehend the behavior of code in object-oriented languages but are ineffective to deal with libraries in C. Here we propose a systematic, yet human-dependent approach, which combines the capabilities of state-of-the-art tools in order to help the analyst to retrieve, step by step, the security protocol specifications from a library in C. Those specifications can then be used to create the formal model needed to carry out the analysis.

show abstract

“…Automatic protocol reverse-engineering [4] techniques enable private protocols to be understood. The goal of automatic protocol reverse engineering is to extract the grammar, semantics, and state machine of private protocol messages [5][6][7].…”

Section: Background and Protocol Reversementioning

confidence: 99%

“…for item in SP do (4) for (Com , Com ) in Com do (5) if not equation (12) then (6) flag = 1 (7) break (8) end if (9) end for (10) if flag == 1 then (11) break (12) end if (13) join item in 2 (14) end for (15) The th bits in the check fields of commands Com and Com are assumed to be ( ) and ( ) , respectively, because they satisfy (9); ( ) and ( ) also satisfy…”

Section: Inferring the Location Of The Check Field And Generatormentioning

confidence: 99%

Automatic Reverse Engineering of Private Flight Control Protocols of UAVs

Jian

Tang

et al. 2017

Security and Communication Networks

View full text Add to dashboard Cite

The increasing use of civil unmanned aerial vehicles (UAVs) has the potential to threaten public safety and privacy. Therefore, airspace administrators urgently need an effective method to regulate UAVs. Understanding the meaning and format of UAV flight control commands by automatic protocol reverse-engineering techniques is highly beneficial to UAV regulation. To improve our understanding of the meaning and format of UAV flight control commands, this paper proposes a method to automatically analyze the private flight control protocols of UAVs. First, we classify flight control commands collected from a binary network trace into clusters; then, we analyze the meaning of flight control commands by the accumulated error of each cluster; next, we extract the binary format of commands and infer field semantics in these commands; and finally, we infer the location of the check field in command and the generator polynomial matrix. The proposed approach is validated via experiments on a widely used consumer UAV.

show abstract

A Survey of Automatic Protocol Reverse Engineering Tools

Cited by 69 publications

References 36 publications

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Inferring OpenVPN State Machines Using Protocol State Fuzzing

Experience Report: How to Extract Security Protocols' Specifications from C Libraries

Automatic Reverse Engineering of Private Flight Control Protocols of UAVs

Contact Info

Product

Resources

About