Abstract
One of the main challenges in system’s development is to give a proof of evidence that its functionalities are correctly implemented. This objective is mostly achieved via testing techniques, which include software testing to check whether a system meets its functionalities, or security testing to express what should not happen. For the latter case, fuzzing is considered as first class citizen. It consists in exercising the system with (randomly) generated and eventually modified inputs in order to test its resistance. While fuzzing is definitively the fastest and the easiest way for testing applications, it suffers from severe limitations. Indeed, the precision of the model used for input generation: a random and/or simple model cannot reach all states and significant values. Moreover, a higher model precision can result in a combinatorial explosion of test cases. In this paper, we suggest a new approach whose main ingredient is to combine timing attacks with fuzzing techniques. This new approach, which is dedicated to work on Java Card, allows not only reducing the test space explosion, but also to simplify the fuzzing process configuration. The technique has been implemented, and we present the results obtained on two applets loaded in a Java Card.
Similar content being viewed by others
References
Jorgensen, P.C.: Software Testing: A Craftsman’s Approach. CRC press, Boca Raton (2013)
Myers, G.J., Sandler, C., Badgett, T.: The Art of Software Testing. Wiley, New York (2011)
Baresel, A., Pohlheim, H., Sadeghipour, S.: Structural and functional sequence test of dynamic and state-based software with evolutionary algorithms. In: Genetic and Evolutionary Computation–GECCO 2003, pp. 2428–2441. Springer, Berlin (2003)
Utting, M., Legeard, B.: Practical Model-Based Testing: A Tools Approach. Morgan Kaufmann Publishers Inc., San Francisco (2007)
Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice-Hall Inc, Upper Saddle River (1994)
Robling, D., Dorothy, E.: Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc, Boston (1982)
Bishop, M., Bailey, D.: A critical analysis of vulnerability taxonomies. Technical report, DTIC Document (1996)
Takanen, A., DeMott, J., Miller, C.: Fuzzing for Software Security Testing and Quality Assurance, 1st edn. Artech House Inc, Norwood (2008)
Takanen, A.: Fuzzing: the past, the present and the future. SSTIC (2009)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol. 31. Springer, Berlin (2008)
Mangard, S.: A simple power-analysis (SPA) attack on implementations of the AES key expansion. In: Information Security and Cryptology–ICISC 2002, pp. 343–358. Springer, Berlin (2003)
Quisquater, J-J., Samyde, D.: Electromagnetic analysis (EMA): measures and counter-measures for smart cards. In: Smart Card Programming and Security, pp. 200–210. Springer, Berlin (2001)
Kocher, P.C..: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO ’96, pp. 104–113, London, UK. Springer, Berlin (1996)
Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A practical implementation of the timing attack. In: International Conference on Smart Card Research and Advanced Applications, pp. 167–182. Springer, Berlin (1998)
Foo Kune, D., Kim, Y.: Timing attacks on pin input devices. In: Proceedings of the 17th ACM conference on Computer and communications security, pp. 678–680. ACM (2010)
Brumley, D., Boneh, D.: Remote timing attacks are practical. In Proceedings of the 12th USENIX Security Symposium, pp. 1–14 (2003)
Bernstein, D.J.: Cache-timing attacks on AES (2005)
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proceedings of the 7th ACM Conference on Computer and Communications Security. CCS ’00, pp. 25–32. NY, USA, ACM, New York (2000)
Putt, B., Putt, E., Lanet, J.-L.: Using side channel information for improving data partitioning strategy to test smart cards. In: SAR-SSI conference (2014)
Common Criteria. Common Criteria for Information Technology Security Evaluation-version 3.0 Rev. 2 (2005)
Integrated circuit card specifications for payment systems, book 3 : application specification, version 4.3 ed., emvco. https://www.emvco.com/specifications.aspx
Haller, I., Slowinska, A., Neugschwandtner, M., Bos, H.: Dowsing for overflows: a guided fuzzer to find buffer boundary violations. In: Proceedings of the 22Nd USENIX Conference on Security, SEC’13, pp. 49–64 (2013)
Eddington, M.: Peach fuzzing platform 3 (2004). http://peachfuzzer.com/
Amini, P.: Sulley fuzzing platform (2004). https://github.com/openrce/sulley
Barreaud, M., Bouffard, G., Kamel, N., Lanet, J.-L.: Fuzzing on the http protocol implementation in mobile embedded web server. In: Caesar (2011)
Lancia, J.: Un framework de fuzzing pour cartes a puce: application aux protocoles. SSTIC (2011)
Guyot, V.: Smart card the invisible bullet. In: Proceeding of the 9th European Conference on Information Warfare and Security (2010)
Alimi, V.: Contribution au déploiement des services mobiles et à l’analyse de la sécurité des transactions. Ph.D. thesis, University of Caen, France (2012)
Richardson, D.J., Clarke, L.A.: Partition analysis: a method combining testing and verification. IEEE Trans. Softw. Eng. 11(12), 1477–1490 (1985)
Ostrand, T.J., Balcer, M.J.: The category-partition method for specifying and generating functional tests. Commun. ACM 31(6), 676–686 (1988)
Martignoni, L., Paleari, R., Roglia, G.F., Bruschi, D.: Testing cpu emulators. In: Proceedings of the eighteenth International Symposium on Software testing and analysis, pp. 261–272. ACM (2009)
Yang, X., Chen, Y., Eide, E., Regehr, J.: Finding and understanding bugs in c compilers. In: Mary, W.H., David, A.P. (eds.) PLDI, pp. 283–294. ACM, New York (2011)
Gauthier, A., Mazin, C., Iguchi-Cartigny, J., Lanet, J.-L.: Enhancing fuzzing technique for okl4 syscalls testing. In: ARES, pp. 728–733. IEEE (2011)
Kasmi, M.A., Azizi, M., Lanet, J.-L.: Reversing bytecode of obfuscated java based smart card using side chanel analysis. Int J Secur Appl 9(11), 347–356 (2015)
Jacoco java code coverage. http://eclemma.org/jacoco/
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lanet, JL., Le Bouder, H., Benattou, M. et al. When time meets test. Int. J. Inf. Secur. 17, 395–409 (2018). https://doi.org/10.1007/s10207-017-0371-3
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-017-0371-3