IKE vulnerability discovery based on fuzzing
Article first published online: 7 NOV 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 7, pages 889–901, July 2013
How to Cite
Yang, H., Zhang, Y., Hu, Y.-p. and Liu, Q.-x. (2013), IKE vulnerability discovery based on fuzzing. Security Comm. Networks, 6: 889–901. doi: 10.1002/sec.628
- Issue published online: 21 JUN 2013
Keywords: IKE protocol; security analysis; vulnerability discovery
The Internet Key Exchange (IKE) protocol is widely deployed on the Internet to protect the confidentiality of Internet communication. However, various IKE implementations contain many high-risk security vulnerabilities. Traditional fuzzing approaches aimed at discovering such vulnerabilities have shortcomings: they are time-consuming, inefficient, and only partly automated. This paper introduces a new fuzzing-based vulnerability discovery approach and applies it to the IKE protocol. By cataloguing the vulnerable points of the IKE protocol comprehensively and proposing a two-stage test case library, an IKE protocol vulnerability discovery tool called IKEProFuzzer is designed and implemented. It is an extensible network protocol fuzzing framework with an automated Monitor/Debugger of our own design. In the experiments, IKEProFuzzer discovered 14 vulnerabilities, nine previously published and five unpublished, affecting many kinds of routers and applications. The evaluation results demonstrate the feasibility, efficiency, and extensibility of the approach in comparison with existing approaches.