IKE vulnerability discovery based on fuzzing

Authors

  • Huan Yang
    1. State Key Laboratory of Integrated Services Networks, Xidian University, Shaanxi, Xi'an, China
  • Yuqing Zhang (corresponding author)
    1. State Key Laboratory of Integrated Services Networks, Xidian University, Shaanxi, Xi'an, China
    2. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China
  • Yu-pu Hu
    1. State Key Laboratory of Integrated Services Networks, Xidian University, Shaanxi, Xi'an, China
  • Qi-xu Liu
    1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, China

Correspondence: Yuqing Zhang, National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing, 100049, China.

E-mail: zhangyq@gucas.ac.cn

ABSTRACT

The Internet Key Exchange (IKE) protocol is widely used on the Internet to protect the confidentiality of communications. However, many high-risk security vulnerabilities exist in various IKE implementations. Traditional fuzzing approaches to vulnerability discovery have blind spots: they are time-consuming, inefficient, and poorly automated. This paper introduces a new fuzzing-based vulnerability discovery approach and applies it to the IKE protocol. By compiling the most comprehensive catalogue of vulnerable points in the IKE protocol and proposing a two-stage test case library, we design and implement an IKE protocol vulnerability discovery tool called IKEProFuzzer. It is an extensible network protocol fuzzing framework with an automated Monitor/Debugger of our own design. In our experiments, IKEProFuzzer discovered 14 vulnerabilities, nine previously released and five unreleased, which affect many kinds of routers and applications. The evaluation results demonstrate the feasibility, efficiency, and extensibility of the approach compared with existing approaches. Copyright © 2012 John Wiley & Sons, Ltd.
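The abstract describes a two-stage test case library fed to an IKE target under an automated monitor, without detailing either stage. The following is an added example, not the paper's IKEProFuzzer, that shows the shape of such a campaign offline: stage 1 applies deterministic mutations to the ISAKMP header fields that implementations most often mishandle (length, version, exchange type, payload type, flags), stage 2 applies seeded random byte corruption for replayability, and every case is fed to a local header validator that stands in for the checks a robust IKE responder should perform before trusting any header field. The header layout follows RFC 2408 section 3.1; the specific mutation list, the constant names, the baseline message contents and the validator rules are this example's own assumptions.

```python
"""Added example: structure of a two-stage IKE (ISAKMP) fuzzing campaign.

Not the paper's IKEProFuzzer; the field values, stage contents and the
validator below are this example's own assumptions. Everything runs offline:
test cases are generated and fed to a local header validator, which is what a
robust IKE responder should apply before trusting any header field.
"""
import random
import struct

# RFC 2408 section 3.1 ISAKMP header: two 8-byte cookies, next payload,
# version (major/minor nibbles), exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
ISAKMP_HDR_LEN = ISAKMP_HDR.size            # 28 bytes
MAX_UDP_PAYLOAD = 65507                     # largest IPv4 UDP payload
PAYLOAD_NONE, PAYLOAD_SA = 0, 1
EXCH_MAIN_MODE = 2                          # Identity Protection exchange
# ISAKMP exchange types 0-5 plus IKEv1 Quick Mode (32) and New Group Mode (33)
KNOWN_EXCHANGES = {0, 1, 2, 3, 4, 5, 32, 33}
FLAG_MASK = 0x07                            # E, C, A are the only defined flag bits


def build_message(init_cookie, resp_cookie, next_payload, version, exch_type,
                  flags, msg_id, body, length=None):
    """Serialise header plus body; the length field defaults to the true size."""
    if length is None:
        length = ISAKMP_HDR_LEN + len(body)
    hdr = ISAKMP_HDR.pack(init_cookie, resp_cookie, next_payload, version,
                          exch_type, flags, msg_id, length)
    return hdr + body


# Constructed baseline: first Main Mode message carrying a minimal SA payload
# (generic payload header + DOI + situation, RFC 2408 section 3.4).
BASE_BODY = struct.pack("!BBHII", PAYLOAD_NONE, 0, 12, 1, 1)
BASE_FIELDS = dict(init_cookie=bytes.fromhex("0102030405060708"),
                   resp_cookie=bytes(8), next_payload=PAYLOAD_SA, version=0x10,
                   exch_type=EXCH_MAIN_MODE, flags=0, msg_id=0, body=BASE_BODY)
BASELINE = build_message(**BASE_FIELDS)


def stage1_cases():
    """Stage 1: deterministic mutations aimed at known-fragile header fields."""
    def variant(name, **override):
        return name, build_message(**dict(BASE_FIELDS, **override))
    return [
        variant("length_zero", length=0),
        variant("length_short_of_header", length=ISAKMP_HDR_LEN - 1),
        variant("length_overstated", length=len(BASELINE) + 1000),
        variant("length_max", length=0xFFFFFFFF),
        variant("version_major_15", version=0xF0),
        variant("version_zero", version=0x00),
        variant("exchange_type_255", exch_type=255),
        variant("next_payload_reserved", next_payload=64),
        variant("flags_all_set", flags=0xFF),
        ("truncated_header", BASELINE[:ISAKMP_HDR_LEN - 4]),
    ]


def stage2_cases(count, seed=1):
    """Stage 2: random single-byte corruptions of the baseline, seeded for replay."""
    rng = random.Random(seed)
    cases = []
    for i in range(count):
        buf = bytearray(BASELINE)
        offset = rng.randrange(len(buf))
        buf[offset] ^= rng.randrange(1, 256)    # non-zero xor guarantees a change
        cases.append((f"rand_{i}_off{offset}", bytes(buf)))
    return cases


def check_header(packet):
    """Validator a defensive responder should run; returns None or a rejection reason."""
    if len(packet) < ISAKMP_HDR_LEN:
        return "shorter than ISAKMP header"
    (_ic, _rc, next_payload, version, exch_type, flags,
     _msg_id, length) = ISAKMP_HDR.unpack_from(packet)
    if version >> 4 != 1:
        return "unsupported major version"
    if length > MAX_UDP_PAYLOAD:
        return "length exceeds UDP maximum"
    if length != len(packet):
        return "length field disagrees with datagram size"
    if exch_type not in KNOWN_EXCHANGES:
        return "unknown exchange type"
    if 14 <= next_payload <= 127:
        return "reserved next-payload type"
    if flags & ~FLAG_MASK:
        return "undefined flag bits set"
    return None


def run_campaign(cases):
    """Feed every case to the validator; a None verdict means it would be processed."""
    return {name: check_header(pkt) for name, pkt in cases}


if __name__ == "__main__":
    results = run_campaign([("baseline", BASELINE)] + stage1_cases() + stage2_cases(20))
    for name, verdict in results.items():
        print(f"{name:28s} {'accepted' if verdict is None else 'rejected: ' + verdict}")
```

In a real campaign the validator is replaced by the implementation under test and the verdict by the monitor's observation (crash, hang, memory fault), which is the role the paper assigns to its Monitor/Debugger; the deterministic stage also gives the monitor a stable case name to report, which is what makes a finding reproducible.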