TY - GEN
T1 - Morpheus
T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021
AU - Yahyazadeh, Moosa
AU - Chau, Sze Yiu
AU - Li, Li
AU - Hue, Man Hong
AU - Debnath, Joyanta
AU - Ip, Sheung Chiu
AU - Li, Chun Ngai
AU - Hoque, Endadul
AU - Chowdhury, Omar
N1 - Funding Information:
We thank the reviewers for their insightful comments and suggestions on how to improve this paper. We would also like to thank the developers for taking the time to investigate and fix the issues found by Morpheus. This work was supported in part by the departmental startup budget NEW/SYC, GRF matching fund GRF/20/SYC, and Project Impact Enhancement Fund 3133292C from The Chinese University of Hong Kong (CUHK), as well as US Department of Defense (DARPA) Grant D19AP00039, and US National Science Foundation (NSF) grants CNS-2007512 and CNS-2006556. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the policies or endorsements of the funding agencies.
Publisher Copyright:
© 2021 Owner/Author.
PY - 2021/11/12
Y1 - 2021/11/12
AB - This paper focuses on developing an automatic, black-box testing approach called Morpheus to check the non-compliance of libraries implementing PKCS#1-v1.5 signature verification with the PKCS#1-v1.5 standard. Non-compliance can not only make implementations vulnerable to Bleichenbacher-style RSA signature forgery attacks but also can induce interoperability issues. For checking non-compliance, Morpheus adaptively generates interesting test cases and then takes advantage of an oracle, a formally proven correct implementation of PKCS#1-v1.5 signature standard, to detect non-compliance in an implementation under test. We have used Morpheus to test 45 implementations of PKCS#1-v1.5 signature verification and discovered that 6 of them are susceptible to variants of the Bleichenbacher-style low public exponent RSA signature forgery attack, 1 implementation has a buffer overflow, 33 implementations have incompatibility issues, and 8 implementations have minor leniencies. Our findings have been responsibly disclosed and positively acknowledged by the developers.
KW - PKCS#1 signature verification
KW - adaptive combinatorial testing
KW - non-compliance checking
KW - reference implementation
UR - http://www.scopus.com/inward/record.url?scp=85119323917&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85119323917&partnerID=8YFLogxK
U2 - 10.1145/3460120.3485382
DO - 10.1145/3460120.3485382
M3 - Conference contribution
AN - SCOPUS:85119323917
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 2474
EP - 2496
BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 15 November 2021 through 19 November 2021
ER -