• IKE protocol;
• security analysis;
• vulnerability discovery;
• fuzzing;
• router;
• application


The Internet Key Exchange (IKE) protocol is widely deployed on the Internet to protect the confidentiality of Internet communication. However, many high-risk security vulnerabilities exist in various IKE implementations. Traditional fuzzing approaches aimed at discovering such vulnerabilities have blind spots: they are time-consuming, inefficient, and poorly automated. This paper introduces a new fuzzing-based vulnerability discovery approach and applies it to the IKE protocol. By summarizing the most comprehensive set of vulnerable points in the IKE protocol and proposing a two-stage test case library, an IKE protocol vulnerability discovery tool called IKEProFuzzer is designed and implemented. It is an extensible network protocol fuzzing framework with an automated Monitor/Debugger of our own design. In the experiments, IKEProFuzzer discovered 14 vulnerabilities, nine previously released and five unreleased, which affect many kinds of routers and applications. The evaluation results demonstrate the feasibility, efficiency, and extensibility of the approach compared with existing approaches. Copyright © 2012 John Wiley & Sons, Ltd.
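The two-stage test case idea can be sketched offline. The Python below is an added example written for this page, not code from IKEProFuzzer or from the paper; it assumes the fixed 28-byte ISAKMP header and the 4-byte generic payload header layouts from RFC 2408, a constructed base message (one SA payload carrying a 4-byte DOI), and boundary values chosen here purely for illustration. Stage 1 varies one header field at a time, stage 2 breaks the length and reserved fields of the first payload, and validate_message stands in for a hardened receiver: it bounds every read by the real datagram size rather than by any length field, which is the class of check whose absence such test cases are meant to expose. The paper's automated Monitor/Debugger, which watches a real target process for faults, is not reproduced here.

```python
import struct
from typing import List

# Fixed ISAKMP header (RFC 2408, 3.1): initiator cookie, responder cookie, next
# payload, version, exchange type, flags, message ID, total length (big-endian).
ISAKMP_HDR = "!8s8sBBBBII"
ISAKMP_HDR_LEN = struct.calcsize(ISAKMP_HDR)  # 28 bytes
GENERIC_PAYLOAD_HDR = "!BBH"                  # next payload, reserved, length (RFC 2408, 3.2)

NP_NONE, NP_SA = 0, 1          # next-payload type IDs used in this example
EXCH_IDENTITY_PROTECTION = 2   # IKEv1 Main Mode exchange type
IKEV1_VERSION = 0x10           # major 1, minor 0


def generic_payload(next_payload: int, body: bytes) -> bytes:
    """Wrap body in a generic payload header; length covers header + body."""
    return struct.pack(GENERIC_PAYLOAD_HDR, next_payload, 0, 4 + len(body)) + body


def build_message(payloads: bytes, first_payload: int = NP_SA,
                  exchange_type: int = EXCH_IDENTITY_PROTECTION) -> bytes:
    """Well-formed header followed by a payload chain; header length is correct."""
    hdr = struct.pack(ISAKMP_HDR, b"\x11" * 8, b"\x00" * 8, first_payload,
                      IKEV1_VERSION, exchange_type, 0, 0, ISAKMP_HDR_LEN + len(payloads))
    return hdr + payloads


# Constructed base message (assumption): one SA payload carrying a 4-byte DOI.
BASE_MESSAGE = build_message(generic_payload(NP_NONE, b"\x00\x00\x00\x01"))


def stage1_header_cases(base: bytes) -> List[bytes]:
    """Stage 1: boundary values in each header field, one field per case.
    Payload bytes are left untouched so only header handling is exercised."""
    hdr = list(struct.unpack(ISAKMP_HDR, base[:ISAKMP_HDR_LEN]))
    body = base[ISAKMP_HDR_LEN:]
    cases = []
    for idx in (2, 3, 4, 5):            # next_payload, version, exchange_type, flags
        for value in (0x00, 0x01, 0x7F, 0x80, 0xFF):
            mutant = hdr[:]
            mutant[idx] = value
            cases.append(struct.pack(ISAKMP_HDR, *mutant) + body)
    for value in (0, ISAKMP_HDR_LEN - 1, len(base) + 1, 0xFFFFFFFF):  # length field
        mutant = hdr[:]
        mutant[7] = value
        cases.append(struct.pack(ISAKMP_HDR, *mutant) + body)
    return cases


def stage2_payload_cases(base: bytes) -> List[bytes]:
    """Stage 2: inconsistencies inside the first generic payload header."""
    hdr, body = base[:ISAKMP_HDR_LEN], base[ISAKMP_HDR_LEN:]
    if len(body) < 4:
        return []
    np, reserved, plen = struct.unpack(GENERIC_PAYLOAD_HDR, body[:4])
    rest = body[4:]
    cases = [hdr + struct.pack(GENERIC_PAYLOAD_HDR, np, reserved, bad) + rest
             for bad in (0, 1, 3, plen + 1, 0xFFFF)]
    cases.append(hdr + struct.pack(GENERIC_PAYLOAD_HDR, np, 0xFF, plen) + rest)
    return cases


def validate_message(raw: bytes) -> List[str]:
    """Consistency checks a robust IKE receiver applies before trusting any
    length field. Returns the problems found; an empty list means well-formed.
    Every offset is bounded by the real datagram size, never by a field value."""
    problems: List[str] = []
    if len(raw) < ISAKMP_HDR_LEN:
        return ["truncated header"]
    _, _, next_payload, version, _, _, _, length = struct.unpack(ISAKMP_HDR, raw[:ISAKMP_HDR_LEN])
    if version >> 4 != 1:
        problems.append(f"unsupported major version {version >> 4}")
    if length != len(raw):
        problems.append(f"header length {length} != datagram length {len(raw)}")
    off, np = ISAKMP_HDR_LEN, next_payload
    while np != NP_NONE:                 # walk the chain using actual bytes only
        if off + 4 > len(raw):
            problems.append(f"payload {np} header runs past end at offset {off}")
            break
        np_next, reserved, plen = struct.unpack(GENERIC_PAYLOAD_HDR, raw[off:off + 4])
        if reserved != 0:
            problems.append(f"reserved byte non-zero at offset {off}")
        if plen < 4:
            problems.append(f"payload length {plen} < 4 at offset {off}")
            break
        if off + plen > len(raw):
            problems.append(f"payload length {plen} overruns datagram at offset {off}")
            break
        off, np = off + plen, np_next
    if not problems and off != len(raw):
        problems.append(f"{len(raw) - off} trailing bytes after last payload")
    return problems


def campaign_summary(base: bytes) -> dict:
    """Count how many generated cases the reference checks reject."""
    cases = stage1_header_cases(base) + stage2_payload_cases(base)
    rejected = sum(1 for c in cases if validate_message(c))
    return {"cases": len(cases), "rejected": rejected, "accepted": len(cases) - rejected}


if __name__ == "__main__":
    print(campaign_summary(BASE_MESSAGE))
```

Of the 30 generated cases, only those that break structural consistency (version, header length, payload length, reserved byte, or a chain that does not account for every byte) are rejected; mutations of the exchange type, flags, or an unknown payload type pass these checks, which is a reminder that a fuzzer's value lies in what the target does with semantically odd but structurally valid input, not only in length-field abuse.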