Test Generation and Fuzz Testing Design

Abstract

Global System for Mobile Communications (GSM) network is one of the most vulnerable systems and it is a popular target for hackers. Its core communication protocol is based on legacy protocol stack Signaling System No. 7 (SS7), which shows more and more known vulnerabilities. However, securing these issues is quite a complex task. The paper focuses on the SS7 protocol family, especially on the Mobile Application Protocol (MAP), which handles sensitive information about the mobile subscribers’ location and enabled services. Fuzzers are tools that are frequently used by hackers to locate security holes in software, and their popularity has grown among the security testers as well.

In my thesis I compared various fuzzers and conducted fuzz testing on a Home Location Register in order to locate vulnerabilities in the communication interface. I configured a generational fuzzer called Sulley to test the Update Location operation of the MAP and analyze its behavior during the process. My results showed that including malicious data in the IMSI, MSC-number and VLR-number parameters did not cause any complication. However, initiating plenty, incomplete transaction in a short time can produce system failure.