Authors: ZHENG Yonghui (郑永辉)[1]; ZHAO Dongliang (赵栋梁); GU Chunxiang (顾纯祥)[1]; ZHANG Xieli (张协力) (Information Engineering University, Zhengzhou 450001, China)
Affiliation: [1] Information Engineering University, Zhengzhou 450001, Henan, China
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2024, No. 4, pp. 109-122 (14 pages)
Abstract: The Internet Key Exchange (IKE) protocol performs authentication and key negotiation within the Internet Protocol Security (IPSec) framework, so its security is critical to protecting IP communications. Because the protocol logic is complex, security vulnerabilities in IKE implementations are hard to avoid. Fuzz testing is an effective way to detect potential vulnerabilities in protocol implementations, but applying existing fuzzing tools directly to the IKE protocol has limitations: the generated test cases are of low quality, and deep protocol states are difficult to reach. To address these problems, a mutation strategy based on the grammar of the IKE protocol was designed to reduce the generation of invalid test cases while increasing the diversity of the generated test cases. A mutation scheduling scheme based on an evolutionary strategy was introduced to automatically optimize the probability distribution of the mutation operators, further increasing the likelihood of generating high-quality test cases. A message handler was designed to maintain protocol interaction context and to perform the cryptographic operations, which supports testing the IKE protocol under black-box conditions and enables exploration of deep protocol interaction behavior and state space. Using these methods, a stateful fuzz testing tool for the IKE protocol, IKEChecker, was implemented; it supports testing of both IKEv1 and IKEv2. Testing two widely used open-source IKE implementations, strongSwan and Libreswan, revealed 4 previously undisclosed vulnerabilities. IKEChecker's efficiency in vulnerability detection was evaluated by comparison with other fuzz testing tools.
CLC number: TP393 [Automation and Computer Technology / Computer Application Technology]