QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol
- URL: http://arxiv.org/abs/2503.19402v1
- Date: Tue, 25 Mar 2025 07:21:35 GMT
- Title: QUIC-Fuzz: An Effective Greybox Fuzzer For The QUIC Protocol
- Authors: Kian Kai Ang, Damith C. Ranasinghe
- Abstract summary: We develop a fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. We test 6 well-maintained server-side implementations, including ones from Google and Alibaba, with QUIC-Fuzz. Our testing uncovered 10 new security vulnerabilities, precipitating 2 CVE assignments thus far.
- Score: 3.591122855617648
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Network applications are routinely under attack. We consider the problem of developing an effective and efficient fuzzer for the recently ratified QUIC network protocol to uncover security vulnerabilities. QUIC offers a unified transport layer for low-latency, reliable transport streams that is inherently secure, ultimately representing a complex protocol design characterised by new features and capabilities for the Internet. Fuzzing a secure transport layer protocol is not trivial. The interactive, strict, rule-based, asynchronous nature of communications with a target, the stateful nature of interactions, security mechanisms that protect communications (such as integrity checks and encryption), and inherent overheads (such as target initialisation) challenge generic network protocol fuzzers. We discuss and address the challenges pertinent to fuzzing transport layer protocols (like QUIC), developing mechanisms that enable fast, effective fuzz testing of QUIC implementations, and build a prototype grey-box mutation-based fuzzer: QUIC-Fuzz. We test 6 well-maintained server-side implementations, including ones from Google and Alibaba, with QUIC-Fuzz. The results demonstrate that the fuzzer is both highly effective and generalisable. Our testing uncovered 10 new security vulnerabilities, precipitating 2 CVE assignments thus far. In code coverage, QUIC-Fuzz outperforms existing state-of-the-art network protocol fuzzers (Fuzztruction-Net, ChatAFL, and AFLNet) with up to an 84% increase in code coverage; the improvement is statistically significant across all targets, and a majority of the bugs were discoverable only by QUIC-Fuzz. We open-source QUIC-Fuzz on GitHub.
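The abstract singles out encryption and integrity checks as the obstacle that defeats generic network fuzzers: a mutation-based fuzzer that edits QUIC frames in the clear has to re-protect every packet before the target will even parse it, and that starts with deriving the Initial keys from the client's Destination Connection ID. The following added example (written for this page, not code from QUIC-Fuzz or the paper's authors) derives the QUIC v1 Initial secrets, AEAD key, IV and header-protection key for either endpoint using only the Python standard library, following RFC 9001 Section 5.2 and the TLS 1.3 HKDF-Expand-Label construction from RFC 8446. The function names (`initial_keys`, `packet_nonce`) are this example's own; the AES-128-GCM packet protection and the AES-based header-protection mask need an AES implementation and are deliberately left to a crypto library.

```python
"""Derive QUIC v1 Initial packet-protection keys (RFC 9001 Section 5.2).

Standard-library only: HKDF is built from hmac/hashlib. The AEAD step
(AES-128-GCM) and header protection (AES-128 mask) need an AES
implementation and are left to a crypto library.
"""
import hashlib
import hmac
import struct

# Fixed salt for QUIC version 1 (RFC 9001 Section 5.2).
QUIC_V1_INITIAL_SALT = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446 Section 7.1).

    HkdfLabel = uint16 length | opaque label<7..255> ("tls13 " + label)
                | opaque context<0..255>
    """
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def initial_keys(dcid: bytes, role: str) -> dict:
    """Return the Initial secret, AEAD key, static IV and header-protection key for one side.

    dcid is the Destination Connection ID the client chose for its first
    Initial packet; both endpoints derive the same secrets from it, so a
    fuzzer that mutates the DCID must re-derive before protecting the packet.
    """
    if role not in ("client", "server"):
        raise ValueError("role must be 'client' or 'server'")
    initial_secret = hkdf_extract(QUIC_V1_INITIAL_SALT, dcid)
    secret = hkdf_expand_label(initial_secret, role.encode() + b" in", b"", 32)
    return {
        "secret": secret,
        "key": hkdf_expand_label(secret, b"quic key", b"", 16),  # AES-128-GCM key
        "iv": hkdf_expand_label(secret, b"quic iv", b"", 12),    # static IV
        "hp": hkdf_expand_label(secret, b"quic hp", b"", 16),    # header-protection key
    }


def packet_nonce(iv: bytes, packet_number: int) -> bytes:
    """AEAD nonce: the full packet number, left-padded to the IV length, XORed into the IV."""
    pn = packet_number.to_bytes(len(iv), "big")
    return bytes(a ^ b for a, b in zip(iv, pn))


if __name__ == "__main__":
    # Constructed input: the client DCID used by the RFC 9001 Appendix A test vectors.
    dcid = bytes.fromhex("8394c8f03e515708")
    for role in ("client", "server"):
        keys = initial_keys(dcid, role)
        print(role, {name: value.hex() for name, value in keys.items()})
    print("nonce for pn=2:", packet_nonce(initial_keys(dcid, "client")["iv"], 2).hex())
```

Run against the DCID 0x8394c8f03e515708, the output matches the vectors in RFC 9001 Appendix A.1 (client key 1f369613dd76d5467730efcbe3b1a22d, client IV fa044b2f42a3fd3b46fb255c, client hp key 9f50449e04a0e810283a1e9933adedd2). Two consequences matter for a fuzzer: every byte of a long-header Initial packet, including the DCID, feeds the key schedule or the AEAD associated data, so a mutation there must be followed by re-derivation and re-encryption or the server will silently discard the packet; and once the handshake advances, the Handshake and 1-RTT keys come from the TLS secrets, so the fuzzer has to track the connection's key phase as part of its state.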
Related papers
- Fooling the Decoder: An Adversarial Attack on Quantum Error Correction [49.48516314472825]
In this work, we target a basic RL surface code decoder (DeepQ) to create the first adversarial attack on quantum error correction.
We demonstrate an attack that reduces the logical qubit lifetime in memory experiments by up to five orders of magnitude.
This attack highlights the susceptibility of machine learning-based QEC and underscores the importance of further research into robust QEC methods.
arXiv Detail & Related papers (2025-04-28T10:10:05Z) - SynFuzz: Leveraging Fuzzing of Netlist to Detect Synthesis Bugs [5.176992390068684]
We present a novel hardware fuzzer, SynFuzz, designed to overcome the limitations of existing hardware fuzzing frameworks.
SynFuzz focuses on fuzzing hardware at the gate-level netlist to identify synthesis bugs and vulnerabilities that arise during the transition from RTL to the gate-level.
We demonstrate how SynFuzz overcomes the limitations of the industry-standard formal verification tool, Cadence Conformal.
arXiv Detail & Related papers (2025-04-26T05:51:29Z) - Secure Physical Layer Communications for Low-Altitude Economy Networking: A Survey [76.36166980302478]
The Low-Altitude Economy Networking (LAENet) is emerging as a transformative paradigm.
Physical layer communications in the LAENet face growing security threats due to inherent characteristics of aerial communication environments.
This survey comprehensively reviews existing secure countermeasures for physical layer communication in the LAENet.
arXiv Detail & Related papers (2025-04-12T09:36:53Z) - Formally Discovering and Reproducing Network Protocols Vulnerabilities [1.7965226171103972]
This paper introduces Network Attack-centric Compositional Testing (NACT), a novel methodology to discover new vulnerabilities in network protocols.
NACT integrates composable attacker specifications, formal specification mutations, and randomized constraint-solving techniques to generate sophisticated attack scenarios and test cases.
By supporting cross-protocol testing within a black-box testing framework, NACT provides a versatile approach to improve the security of network protocols.
arXiv Detail & Related papers (2025-03-03T13:50:20Z) - Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC)
ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic.
We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Interactive Tools Substantially Assist LM Agents in Finding Security Vulnerabilities [46.34031902647788]
We present EnIGMA, an LM agent for autonomously solving Capture The Flag (CTF) challenges.
We introduce new tools and interfaces to improve the agent's ability to find and exploit security vulnerabilities.
Empirical analysis on 390 CTF challenges demonstrates that these new tools and interfaces substantially improve our agent's performance.
arXiv Detail & Related papers (2024-09-24T15:06:01Z) - Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
We introduce a novel Mixture-of-Experts (MoE)-based SemCom system.
This system comprises a gating network and multiple experts, each specializing in different security challenges.
The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements.
A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
arXiv Detail & Related papers (2024-09-24T03:17:51Z) - No Peer, no Cry: Network Application Fuzzing via Fault Injection [19.345967816562364]
We propose a fundamentally different approach that relies on fault injection rather than modifying messages.
We show that Fuzztruction-Net outperforms other fuzzers in terms of coverage and bugs found.
Overall, Fuzztruction-Net uncovered 23 new bugs in well-tested software, such as the web servers Nginx and Apache HTTPd and the OpenSSH client.
arXiv Detail & Related papers (2024-09-02T08:35:55Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z) - Towards Flexible Anonymous Networks [0.5735035463793009]
We propose a new software architecture for volunteer-based distributed networks.
FAN shifts the dependence away from protocol tolerance without losing the ability for developers to ensure the continuous evolution of their software.
arXiv Detail & Related papers (2022-03-07T22:58:36Z) - SNPSFuzzer: A Fast Greybox Fuzzer for Stateful Network Protocols using Snapshots [14.927657157570053]
SNPSFuzzer is a fast greybox fuzzer for stateful network protocols using snapshots.
SNPSFuzzer dumps the context information when the network protocol program is under a specific state and restores it when the state needs to be fuzzed.
arXiv Detail & Related papers (2022-02-08T04:53:36Z) - ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
arXiv Detail & Related papers (2021-03-23T15:04:44Z)