
Basic article information

  • Title: Analysis of HTTP Protocol Implementation in Smart Card Embedded Web Server
  • Authors: Nassima Kamel ; Jean-Louis Lanet
  • Journal: International Journal of Information and Network Security (IJINS)
  • Print ISSN: 2089-3299
  • Publication year: 2013
  • Volume: 2
  • Issue: 5
  • Pages: 417-428
  • DOI: 10.11591/ijins.v2i5.3115
  • Language: English
  • Publisher: Institute of Advanced Engineering and Science
  • Abstract: The latest generation of smart cards embeds an HTTP web server, which facilitates the integration of smart cards into existing networks and provides more services and custom interfaces. It also helps developers by simplifying the use of a new programming model (servlets). However, due to the sensitive information stored and the resource constraints under which the technology runs, it is necessary to test it deeply. Our aim is to detect bugs, vulnerabilities and non-compliance in the embedded HTTP web server. For that purpose, we used the fuzzing technique, which consists of injecting invalid or random data into various inputs of the software to be tested. Our fuzzing tool, Smart-Fuzz, is based on the Peach framework customised to our needs. Moreover, working in black box, we created the PyHAT application to collect maximum information on the target's features. Thus, we can reduce the number of protocol functionalities to be analysed. The results generated in the log files are finally analysed to understand the behaviour of the application and to detect if some fuzzed data has succeeded to take up the vulnerabilities.