
Development and evaluation of specification-based protocol obfuscations

Julien Duchene 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract: The number of protocols keeps growing. Many have a publicly available specification, for instance for interoperability purposes. However, when intellectual property is at stake, the specification is kept secret. An attacker might use an incorrectly implemented protocol to compromise a system; with access to the specification, the attack would be far more efficient. Even without access to the specification, the attacker can reverse-engineer it. Creating protocols that are hard to reverse-engineer is therefore of interest. In this thesis, we develop a novel approach to protocol protection that makes protocol reverse engineering more complex. We apply obfuscations to the protocol message format, and we do so automatically from the original protocol specification. First, we analyzed more than 30 different contributions on protocol reverse engineering tools. We retrieved the following elements: 1) protocol reverse engineering tools try to infer regular models; 2) they assume that parsing is done from left to right; 3) they delimit fields based on well-known delimiters or with ad hoc techniques; 4) they cluster messages based on pattern similarity measures. Thus, to make protocol reverse engineering harder, one can create protocols that do not respect these statements. Second, we proposed a model of message format on which obfuscations can be applied. With this model, we also provide atomic obfuscations that can be composed. Each obfuscation targets one or more protocol reverse engineering hypotheses. Obfuscation composition ensures the effectiveness of our solution and makes protocol reverse engineering more complex. This model is used to automatically generate code for the parser, serializer and accessors. This solution is implemented in a framework we called ProtoObf. ProtoObf is used to evaluate obfuscation performance. Results show an increase in protocol complexity with the number of composed obfuscations, while costs (particularly the serialized buffer size) stay low.
Cited literature: 87 references

https://hal.laas.fr/tel-02018873
Contributor: Christine Fourcade
Submitted on: Thursday, February 14, 2019 - 11:14:53 AM
Last modification on: Thursday, June 10, 2021 - 3:01:32 AM
Long-term archiving on: Wednesday, May 15, 2019 - 7:40:05 PM

File

DUCHENE Julien.pdf
Files produced by the author(s)

Identifiers

  • HAL Id: tel-02018873, version 1

Citation

Julien Duchene. Développement et évaluation d'obsfucations de protocoles basées sur la spécification. Réseaux et télécommunications [cs.NI]. Institut national des sciences appliquées de Toulouse, 2018. Français. ⟨tel-02018873⟩

Metrics

Record views

156

Files downloads

349