TLS Fuzzing

Transport Layer Security (TLS) is building block for the security of communications over the Internet. TLS is used for securing http(s), DNS (DNS-over-TLS and DNS-over-HTTPS), emails and many more!

At the same time, TLS is a very complex protocol, with lots of edge cases. The goal of this project is to study how fuzzers can be used to automate the testing of TLS implementations.

Goal

The goal of this project is to study how fuzzers can be used to test TLS implementations. Some experiments should be conducted using existing fuzzers.

Expected outcome

• literature study
• source code of the tests on our GitLab server
• 1 blog post
• 1 poster
• a project report describing the conducted tests, with the literature study

Required skills

To start this project you should have some knowledge of:

• networking
• some programming language

Tools and technologies

To achieve this project, you will discover and use the following tools and technologies:

• the fuzzer of your choice
• use git to manage your source code
• use GitLab to implement Continuous Implementation (CI)

References

Some tools and literature are already available on the subject. For example:

• https://github.com/tlsfuzzer/tlsfuzzer
• https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/de-ruiter
• https://blog.doyensec.com/2020/05/14/asn1fuzz.html
• https://deepsec.net/docs/Slides/2016/Systematic_Fuzzing_and_Testing_of_TLS_Libraries_-_Juraj_Somorovsky.pdf
• https://beyondsecurity.com/dynamic-fuzzing-testing-tls.html

Interested?

Contact us