• Title/Summary/Keyword: CAN Fuzzing

Search Result 22, Processing Time 0.017 seconds

Software Security Testing using Block-based File Fault Injection (블록 기반 파일 결함 주입 기법을 이용한 소프트웨어 보안 테스팅)

  • Choi, Young-Han;Kim, Hyoung-Chun;Hong, Soon-Jwa
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.4
    • /
    • pp.3-10
    • /
    • 2007

  • In this paper, we proposed the methodology for security testing using block-based file fault injection. When fault is inserted into software, we consider the format of file in order to efficiently reduce the error that is caused by mismatch of format of file. The Vulnerability the methodology focuses on is related to memory processing, such as buffer overflow, null pointer reference and so on. We implemented the automatic tool to apply the methodology to image file format and named the tool ImageDigger. We executed fault-injection focused on WMF and EMF file format using ImageDigger, and found 10 DOS(Denial of Service) in Windows Platform. This methodology can apply to block-based file format such as MS Office file.

  • https://doi.org/10.13089/JKIISC.2007.17.4.3 인용 PDF KSCI HTML

A Study on IKE v2 Analysis Method for RealTime (NIKEv2 AR : IKE v2 실시간 분석 기술 연구)

  • Park, Junghyung;Ryu, Hyungyul;Ryou, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.661-671
    • /
    • 2022

  • Due to the COVID-19 pandemic, remote working, e-learning, e-teaching and online collaboration have widely spread and become popular. Accordingly, the usage of IPsec VPN for security reasons has also dramatically increased. With the spread of VPN, VPN vulunerabilities are becoming an important target of attack for attackers, and many studies have been conducted on this. IKE v2 analysis is an essential process not only for developing and building IPsec VPN systems but also for security analysis. Network packet analysis tools such as Wireshark and Tcpdump are used for IKE v2 analysis. Wireshark is one of the most famous and widely-used network protocol analyzers and supports IKE v2 analysis. However Wireshark has many limitations, such as requiring system administrator privileges for IKE v2 analysis. In this paper, we describe Wireshark's limitations in detatil and propose a new analysis method. The proposed analysis method can analyze all encrypted IKE v2 messages in real time from the session key exchange In addition, the proposed analysis method is expected to be used for dynamic testing such as fuzzing as packet manipulation.

  • https://doi.org/10.13089/JKIISC.2022.32.4.661 인용 PDF KSCI HTML