Computer Science ›› 2018, Vol. 45 ›› Issue (9): 171-176. doi: 10.11896/j.issn.1002-137X.2018.09.028

• Information Security •

Mining RTSP Protocol Vulnerabilities Based on Traversal of Protocol State Graph

LI Jia-li (1), CHEN Yong-le (1), LI Zhi (2,3), SUN Li-min (2,3,4)

  1. College of Computer Science and Technology, Taiyuan University of Technology, Taiyuan 030600, China
  2. Beijing Key Laboratory of IOT Information Security, Beijing 100093, China
  3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  4. University of Chinese Academy of Sciences, Beijing 100049, China

  • Received: 2017-08-17  Online: 2018-09-20  Published: 2018-10-10

Abstract: Currently, many video surveillance devices such as cameras, DVRs and NVRs support the RTSP protocol, and the buffer overflow vulnerabilities found in RTSP implementations are both numerous and harmful. Research on the RTSP protocol therefore has both practical value and theoretical significance. Using a fuzzing framework directly generates a huge number of test cases, and the testing process takes a long time. To address these problems, this paper takes the RTSP protocol of video surveillance devices as its research object and proposes a method that removes duplicates from the sample set of protocol basic blocks, uses the constraint relationships and state transitions between protocol states to construct a protocol state graph, and performs a depth-first traversal of that graph. The method reduces the number of generated test cases and improves the effectiveness of generation. While the RTSP protocol is being fuzzed, a TCP probe packet is sent to determine whether the test target has become abnormal. The redundant part of each recorded abnormal test case is removed, which facilitates subsequent replay and reduces the time required, thereby improving the efficiency of vulnerability mining.

Key words: Fuzz testing, RTSP protocol, Video surveillance equipment, Vulnerability mining

CLC Number: TP393
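The planning step the abstract describes, as an added illustration that is not the paper's own code: the RTSP server state graph from RFC 2326, a depth-first traversal that records each (state, method) basic block once together with the method prefix that first reaches it, and the TCP probe used as the abnormality check after each case. Assumptions: OPTIONS and DESCRIBE are modelled as self-loops in Init, the RFC's Recording state is omitted, and the mutation of individual requests is left out.

```python
"""RTSP state-graph traversal for fuzz test-case planning.

Added example, not the paper's implementation.  States and transitions
follow the server state machine in RFC 2326 (Init / Ready / Playing);
OPTIONS and DESCRIBE are stateless and are modelled here as self-loops.
"""
import socket

# (current state) -> {method: next state}
RTSP_GRAPH = {
    "Init":    {"OPTIONS": "Init", "DESCRIBE": "Init", "SETUP": "Ready"},
    "Ready":   {"SETUP": "Ready", "PLAY": "Playing", "TEARDOWN": "Init"},
    "Playing": {"PLAY": "Playing", "PAUSE": "Ready", "TEARDOWN": "Init"},
}


def plan_test_cases(graph, start="Init", max_depth=6):
    """Depth-first traversal of the protocol state graph.

    A (state, method) edge is one protocol basic block.  Each block is
    recorded once, with the method sequence that first drove the server
    into `state`; the same block reached again by a longer path is a
    duplicate and is skipped, which keeps the case count small.
    Returns {(state, method): prefix_sequence} in discovery order.
    """
    cases = {}

    def dfs(state, path):
        if len(path) >= max_depth:          # bound the traversal depth
            return
        for method, nxt in graph[state].items():
            if (state, method) in cases:    # duplicate basic block
                continue
            cases[(state, method)] = path
            dfs(nxt, path + (method,))

    dfs(start, ())
    return cases


def target_alive(host, port, timeout=2.0):
    """Liveness probe sent after each case: a completed TCP handshake
    means the target still accepts connections; a refused or timed-out
    connect marks the preceding case as abnormal, to be kept for replay."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False
```

Because every case carries only the prefix needed to reach its basic block, a recorded abnormal case already contains the minimal sequence to replay against the target.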