IP-Sec Fuzzing


Supervision: Juraj Somorovsky

Start date: now

Duration: 6 months

More details:


IP-Sec is a complex crypto protocol, supporting different cryptographic algorithms, security properties and modes of operation. It would therefore not be surprising to find crypto bugs or memory boundary violations (buffer overflows and overreads) in its implementations.

The goal of this thesis is to implement a fuzzing module for our (currently internal) IPSec-Attacker. IPSec-Attacker is a flexible Java-based tool for constructing variable IPSec protocol flows (similarly to the already published TLS-Attacker: https://github.com/RUB-NDS/TLS-Attacker). It allows one to send IPSec messages in an arbitrary order, or to change their contents at the byte level. This makes the tool suitable for fuzzing purposes.

We hope to find bugs in IP-Sec similar to those found in TLS (http://www.golem.de/news/openssl-update-die-rueckkehr-des-padding-orakels-1605-120711.html).


Successful participation in the courses Netzsicherheit 1 and 2.

Very good programming skills, demonstrable e.g. by successful participation in the lab course (Praktikum) Security Appliances.

This thesis can, where appropriate, also be done as a Bachelor's thesis. The workload can be adjusted accordingly.