Security Verification of Korean Open Crypto Source Codes with Differential Fuzzing Analysis Method

Vol. 30, No. 6, pp. 1225-1236, Dec. 2020
10.13089/JKIISC.2020.30.6.1225, Full Text:
Keywords: Software Testing, Differential Fuzzing, Cryptographic Library, Vulnerability
Abstract

Fuzzing is an automated software testing methodology that dynamically tests the security of software by inputting randomly generated input values outside of the expected range. KISA is releasing open source for standard cryptographic algorithms, and many crypto module developers are developing crypto modules using this source code. If there is a vulnerability in the open source code, the cryptographic library referring to it has a potential vulnerability, which may lead to a security accident that causes enormous losses in the future. Therefore, in this study, an appropriate security policy was established to verify the safety of block cipher source codes such as SEED, HIGHT, and ARIA, and the safety was verified using differential fuzzing. Finally, a total of 45 vulnerabilities were found in the memory bug items and error handling items, and a vulnerability improvement plan to solve them is proposed.

Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
윤형준 and 서석충, "Security Verification of Korean Open Crypto Source Codes with Differential Fuzzing Analysis Method," Journal of The Korea Institute of Information Security and Cryptology, vol. 30, no. 6, pp. 1225-1236, 2020. DOI: 10.13089/JKIISC.2020.30.6.1225.

[ACM Style]
윤형준 and 서석충. 2020. Security Verification of Korean Open Crypto Source Codes with Differential Fuzzing Analysis Method. Journal of The Korea Institute of Information Security and Cryptology, 30, 6, (2020), 1225-1236. DOI: 10.13089/JKIISC.2020.30.6.1225.