Skip to main content
SpringerLink
Log in
Book cover

International Conference on Risks and Security of Internet and Systems

CRiSIS 2016: Risks and Security of Internet and Systems pp 139–144Cite as

Protocol Reverse Engineering: Challenges and Obfuscation

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 10158))

Abstract

Reverse engineering of communication protocols is aimed at providing methods and tools allowing to infer a model of these protocols. It is very relevant for many application domains, such as interoperability or security audits. Recently, several tools have been developed in order to automate, entirely or partially, the protocol inference process. These tools rely on several techniques, that are usually tuned and adapted according to the final goal of the reverse engineering task. The aim of this paper is (1) to present an overview of the main challenges related to reverse engineering, and (2) to introduce the use of obfuscation techniques to make the reverse engineering process more complex and difficult in particular to malicious users.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Antunes, J., Neves, N., Verissimo, P.: Reverse engineering of protocols from network traces. In: 2011 18th Working Conference on Reverse Engineering (WCRE), pp. 169–178. IEEE, New York (2011)

    Google Scholar 

  2. Bossert, G., Hiet, G., Henin, T.: Modelling to simulate botnet command and control protocols for the evaluation of network intrusion detection systems. In: 2011 Conference on Network and Information Systems Security (SAR-SSI), pp. 1–8. IEEE, La Rochelle (2011)

    Google Scholar 

  3. Bossert, G.: Exploiting semantic for the automatic reverse engineering of communication protocols. Ph.D. Thesis, Suplec December 2014

    Google Scholar 

  4. Bridger, H., Rishab, N., Phillipa, G., Rob, J.: Games without frontiers: investigating video games as a covert channel. In: Proceedings of the 2016 IEEE European Symposium on Security and Privacy, IEEE European Symposium on Security and Privacy. IEEE (2015)

    Google Scholar 

  5. Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 621–634. ACM, New York (2009)

    Google Scholar 

  6. Caballero, J., Song, D.: Rosetta: extracting protocol semantics using binary analysis with applications to protocol replay and NAT rewriting. Technical Report CMU-CyLab-07-014, Carnegie Mellon University, Pittsburgh, USA (2007)

    Google Scholar 

  7. Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 317–329. ACM, New York (2007)

    Google Scholar 

  8. Caballero Bayerri, J.: Grammar and model extraction for security applications using dynamic program binary analysis. Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA, USA (2010)

    Google Scholar 

  9. Cui, W., Paxson, V., Weaver, N., Katz, R.H.: Protocol-independent adaptive replay of application dialog. In: Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego, USA, February 2006. http://research.microsoft.com/apps/pubs/default.aspx?id=153197

  10. Cui, W., Peinado, M., Chen, K., Wang, H.J., Irun-Briz, L.: Tupni: automatic reverse engineering of input formats. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 391–402. ACM, New York (2008)

    Google Scholar 

  11. de la Higuera, C.: Grammatical Inference: Learning Automata and Grammars. Cambridge University Press, New York (2010)

    Google Scholar 

  12. Hjelmvik, E., John, W.: Breaking and Improving Protocol Obfuscation. Technical Report 2010–05, Chalmers University of Technology, Gothenburg, Sweden (2010). http://publications.lib.chalmers.se/cpl/record/index.xsql?pubid=123751

  13. Leita, C., Mermoud, K., Dacier, M.: ScriptGen: an automated script generation tool for Honeyd. In: 21st Annual Computer Security Applications Conference, p. 214. IEEE, Tucson (2005)

    Google Scholar 

  14. Li, X., Chen, L.: A survey on methods of automatic protocol reverse engineering. In: 2011 Seventh International Conference on Computational Intelligence and Security (CIS), pp. 685–689. IEEE, Hainan (2011)

    Google Scholar 

  15. Newsome, J., Brumley, D., Franklin, J., Song, D.: Replayer: automatic protocol replay by binary analysis. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, pp. 311–321. ACM, New York (2006)

    Google Scholar 

  16. Samba Team: Opening windows to a wider world. http://www.samba.org

Download references

Author information

Authors and Affiliations

  1. DGA Maîtrise de l’information, Rennes, France

    J. Duchêne & C. Le Guernic

  2. Laboratory High Security, INRIA Team TAMIS, Rennes, France

    C. Le Guernic

  3. LAAS-CNRS, Univ. de Toulouse, CNRS, INSA, Toulouse, France

    J. Duchêne, E. Alata, V. Nicomette & M. Kaâniche

Authors
  1. J. Duchêne
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. C. Le Guernic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. E. Alata
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. V. Nicomette
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. M. Kaâniche
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to J. Duchêne .

Editor information

Editors and Affiliations

  1. Telecom Bretagne , Cesson Sevigne CX, France

    Frédéric Cuppens

  2. Telecom Bretagne , Brest Cedex 3, France

    Nora Cuppens

  3. Inria , Rennes Cedex, France

    Jean-Louis Lanet

  4. Inria , Rennes Cedex, France

    Axel Legay

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Duchêne, J., Le Guernic, C., Alata, E., Nicomette, V., Kaâniche, M. (2017). Protocol Reverse Engineering: Challenges and Obfuscation. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science(), vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-54876-0_11

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-54875-3

  • Online ISBN: 978-3-319-54876-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation