Security Testing of Embedded TLS Implementations

Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Security and Cloud Computing
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
The Transport Layer Security (TLS) protocol is by far the most popular cryptographic protocol used to secure data being exchanged on the Internet. The latest version, TLS 1.3, provides a set of security properties on top of what was already included in previous versions, such as channel binding, downgrade protection, and non-replayability, along with improved performance and exclusion of less secure algorithms that were used before. However, vulnerabilities are constantly found and reported in implementations of TLS, especially those developed specifically for embedded devices, as they require code optimizations that sometimes leave necessary checks out of the picture, giving rise to security flaws. To improve the quality and security of these embedded implementations, it is recommended to apply software testing throughout the development process. Fuzz testing, or simply fuzzing, is an effective testing technique that has been successfully used in the past to find bugs and vulnerabilities in different kinds of applications. In fuzzing tests, semi-valid test cases are generated randomly either by modifying valid seeds or by following a specification or model and fed as input to the target program, while monitoring its behavior. Unfortunately, most existing fuzzing tools are focused on file-based or standard input applications, and they are not very effective for testing cryptographic protocols where input messages are subject to integrity checks and need to be encrypted and decrypted constantly. Additionally, to the best of our knowledge, there is a lack of a comprehensive tool or set of guidelines that specify how to test embedded TLS implementations. In this thesis, we develop a testing framework that can be used to measure the security of embedded TLS implementations by combining fuzzing techniques with hand-crafted test cases. We then use this framework to test HTLS, a TLS library developed by Huawei.
Ekberg, Jan Erik
Thesis advisor
Niemi, Arto
security testing, vulnerability analysis, fuzzing, embedded systems