Message Syntax Research Articles

MSFuzz: Augmenting Protocol Fuzzing with Message Syntax Comprehension via Large Language Models

Network protocol implementations, as integral components of information communication, are critically important for security. Due to its efficiency and automation, fuzzing has become a popular method for protocol security detection. However, the existing protocol-fuzzing techniques face the critical problem of generating high-quality inputs. To address the problem, in this paper, we propose MSFuzz, which is a protocol-fuzzing method with message syntax comprehension. The core observation of MSFuzz is that the source code of protocol implementations contains detailed and comprehensive knowledge of the message syntax. Specifically, we leveraged the code-understanding capabilities of large language models to extract the message syntax from the source code and construct message syntax trees. Then, using these syntax trees, we expanded the initial seed corpus and designed a novel syntax-aware mutation strategy to guide the fuzzing. To evaluate the performance of MSFuzz, we compared it with the state-of-the-art (SOTA) protocol fuzzers, namely, AFLNET and CHATAFL. Experimental results showed that compared with AFLNET and CHATAFL, MSFuzz achieved average improvements of 22.53% and 10.04% in the number of states, 60.62% and 19.52% improvements in the number of state transitions, and 29.30% and 23.13% improvements in branch coverage. Additionally, MSFuzz discovered more vulnerabilities than the SOTA fuzzers.

КОДУВАННЯ ТА ДЕКОДУВАННЯ КАДРІВ ЛОКАЛЬНОЇ МЕРЕЖІ КОНТРОЛЕРІВ ЗА ДОПОМОГОЮ БАЗИ ДАНИХ CAN

The article examines the features of building a Controller Area Network (CAN) in the automotive industry. The main steps for encoding and decoding physical values in CAN and CAN FD (CAN with flexible data rate) frames are provided. The syntax of messages and signals in CAN DBC has been analyzed. An example of a DBC file that can be used to encode and decode the speed and engine speed of a truck is reviewed. Based on the Linux operating system and the python programming language, an experimental scheme of a virtual controller area network was created, which encodes data on one node and decodes data on the other using CAN DBC.

Securing the Automatic Identification System (AIS): Using public key cryptography to prevent spoofing whilst retaining backwards compatibility

AbstractThe civilian Automatic Identification System (AIS) has no inherent protection against spoofing. Spoofed AIS messages have the potential to interfere with the safe navigation of a vessel by, amongst other approaches, spoofing maritime virtual aids to navigation and/or differential global navigation satellite system (DGNSS) correction data conveyed across it. Acting maliciously, a single transmitter may spoof thousands of AIS messages per minute with the potential to cause considerable nuisance; compromising information provided by AIS intended to enhance the mariner's situational awareness. This work describes an approach to authenticate AIS messages using public key cryptography (PKC) and thus provide unequivocal evidence that AIS messages originate from genuine sources and so can be trusted. Improvements to the proposed AIS authentication scheme are identified which address a security weakness and help avoid false positives to spoofing caused by changes to message syntax. A channel loading investigation concludes that sufficient bandwidth is available to routinely authenticate all AIS messages whilst retaining backwards compatibility by carrying PKC ‘digital signatures’ in a separate VHF Data Exchange System (VDES) side channel.

Employing scrambled alpha-numeric randomization and RSA algorithm to ensure enhanced encryption in electronic medical records

Diverse business sectors want to ensure that their data is secure and remains confidential. A major solution to the problem of data insecurity is the concept of cryptography. Various cryptographic algorithms have been developed over the years in order to ensure maximum level of message security during transmission over insecure mediums. There is no doubt that these algorithms have been able to remarkably curb the issue of data insecurity and reduce cyber-attacks. Both asymmetric cryptographic algorithms and symmetric cryptographic algorithms are secure. However for the purpose of this paper emphasis will be laid on asymmetric cryptography. Hence, this paper emphasizes on popular asymmetric algorithms like the RSA Cryptographic algorithm. In this paper we propose a secure means of data encryption and decryption by applying the concept of scrambled alpha-numeric randomization to provide a clear understanding of the operational mechanism of the RSA algorithm during the encryption and decryption process. The scrambled alpha-numeric randomization technique employs a unique numbering and or lettering sequence to every letter of the alphabet in the case of every new message receiver. This approach also implements the cryptographic message syntax as well as the use of American standard code for information interchange (ASCII) encoding. Furthermore, the understanding of this approach will encourage new ideas for further advancements and improvement of the existing RSA cryptographic algorithm. However, the major advantage will be to increase the security of data and ensure proper authentication of data.

Reverse Engineering of Network Software Binary Codes for Identification of Syntax and Semantics of Protocol Messages

Reverse Engineering of Network Software Binary Codes for Identification of Syntax and Semantics of Protocol Messages

A positional keyword-based approach to inferring fine-grained message formats

Message format extraction, the process of revealing the message syntax without access to the protocol specification, is important for a variety of applications such as service virtualization and network security. In this paper, we propose P-token, which mines fine-grained message formats from network traces. The novelty of our approach is twofold: a ‘positional keyword’ identification technique and a two-level hierarchical clustering strategy. Positional keywords are based on the insight that keywords or reserved words usually occur at relatively fixed positions in the messages. By associating positions as meta-information with keywords, we can more accurately distinguish keywords from message payload data. After identification, the positional keywords are used as features to cluster the messages using density peaks clustering. We then perform another level of clustering to refine the clusters with low homogeneity. Finally, the message format of each cluster is extracted based on the observed ordering of keywords. P-token improves on the current state-of-the-art techniques by successfully addressing two challenges that commonly afflict existing keyword based format extraction methods: message keyword mis-identification and message format over-generalization. We have conducted experiments on services and applications using various protocols, including SOAP, LDAP, IMS and a RESTful service. Our experimental results show that P-token outperforms existing methods in extracting message formats.

Protected Message Processing in Distributed Systems on the Basis of Cryptographic Message Syntax

Protected Message Processing in Distributed Systems on the Basis of Cryptographic Message Syntax

Towards interactive networking: Runtime message inference approach for incompatible protocol updates in IoT environments

As IoT (Internet of Things) devices become pervasive in our surroundings, it is more important for them to dynamically discover and interact with nearby IoT devices. However, as interaction protocols are often updated without backward compatibility, interaction opportunities between smart objects may disappear. To overcome this, we can apply existing works which try to adapt one interaction protocol to another at runtime, assuming their specifications are given. However, they cannot generate a valid adapter if the specification of the updated protocol syntax is not available. Automatic protocol reverse engineering methods can extract protocol message syntax without prior knowledge, but they cannot be applied to a runtime scenario. In this paper, we propose SeM2Bit, an efficient protocol message inference scheme which adapts a legacy protocol’s message based on protocol domain knowledge. Iterative message adaptations make a legacy protocol agent interact with its updated but incompatible version at runtime and have a meaningful interaction without the corresponding specification. The experiment result shows that the use of knowledge is effective to make a meaningful interaction between the incompatible versions with a reasonably small number of message adaptations.

The Apollo Structured Vocabulary: an OWL2 ontology of phenomena in infectious disease epidemiology and population biology for use in epidemic simulation.

BackgroundWe developed the Apollo Structured Vocabulary (Apollo-SV)—an OWL2 ontology of phenomena in infectious disease epidemiology and population biology—as part of a project whose goal is to increase the use of epidemic simulators in public health practice. Apollo-SV defines a terminology for use in simulator configuration. Apollo-SV is the product of an ontological analysis of the domain of infectious disease epidemiology, with particular attention to the inputs and outputs of nine simulators.ResultsApollo-SV contains 802 classes for representing the inputs and outputs of simulators, of which approximately half are new and half are imported from existing ontologies. The most important Apollo-SV class for users of simulators is infectious disease scenario, which is a representation of an ecosystem at simulator time zero that has at least one infection process (a class) affecting at least one population (also a class). Other important classes represent ecosystem elements (e.g., households), ecosystem processes (e.g., infection acquisition and infectious disease), censuses of ecosystem elements (e.g., censuses of populations), and infectious disease control measures.In the larger project, which created an end-user application that can send the same infectious disease scenario to multiple simulators, Apollo-SV serves as the controlled terminology and strongly influences the design of the message syntax used to represent an infectious disease scenario. As we added simulators for different pathogens (e.g., malaria and dengue), the core classes of Apollo-SV have remained stable, suggesting that our conceptualization of the information required by simulators is sound.Despite adhering to the OBO Foundry principle of orthogonality, we could not reuse Infectious Disease Ontology classes as the basis for infectious disease scenarios. We thus defined new classes in Apollo-SV for host, pathogen, infection, infectious disease, colonization, and infection acquisition. Unlike IDO, our ontological analysis extended to existing mathematical models of key biological phenomena studied by infectious disease epidemiology and population biology.ConclusionOur ontological analysis as expressed in Apollo-SV was instrumental in developing a simulator-independent representation of infectious disease scenarios that can be run on multiple epidemic simulators. Our experience suggests the importance of extending ontological analysis of a domain to include existing mathematical models of the phenomena studied by the domain. Apollo-SV is freely available at: http://purl.obolibrary.org/obo/apollo_sv.owl.

Design and Implementation of Fuzzing Framework Based on IoT Applications

Nowadays the most serious security problems are imperfection in the implementations of network protocols. This imperfection can bring a lot of vulnerabilities such as could allow malicious user to attack the systems remotely using the network protocols over the internet. That is why developers value software security phases involving review of code, risk analysis, testing with penetration, and Fuzzing. In case of Fuzz testing, the main aim is to find vulnerabilities in the software/application by sending inputs which are not expected to the target. Then they monitor the situation of the target. Many applications in Internet of things (IoT) (http://en.wikipedia.org/wiki/Internet_of_Things) environments are working with File Transfer Protocol (FTP) based applications. In this study, we present a fuzzing framework, which is applied to test network protocol implementations. It is extendable, man-in-the-middle, smart, and mostly deterministic. Our tool, like AutoFuzz (Gorbunov and Rosenbloom in AutoFuzz: automated network protocol fuzzing framework, Department of Mathematical and Computation Sciences, University of Toronto Mississauga, Canada L5L 1C6, 2010), has the ability to learn a given protocol implementation by building a finite state automaton from records of communication traces between a client and the server. Additionally, this tool has the ability to learn syntax of individual messages at a lower level using the techniques of bioinformatics (Beddoe in Network protocol analysis using bioinformatics algorithms, http://www.4tphi.net/~awalters/PI/pi.pdf). At last, this framework can fuzz a given server protocol specification by changing the communication traces between the server and client. We applied it to multiple implementations of FTP server, with result of finding new and known vulnerabilities.

Introducing keytagging, a novel technique for the protection of medical image-based tests

This paper introduces keytagging, a novel technique to protect medical image-based tests by implementing image authentication, integrity control and location of tampered areas, private captioning with role-based access control, traceability and copyright protection. It relies on the association of tags (binary data strings) to stable, semistable or volatile features of the image, whose access keys (called keytags) depend on both the image and the tag content. Unlike watermarking, this technique can associate information to the most stable features of the image without distortion. Thus, this method preserves the clinical content of the image without the need for assessment, prevents eavesdropping and collusion attacks, and obtains a substantial capacity-robustness tradeoff with simple operations. The evaluation of this technique, involving images of different sizes from various acquisition modalities and image modifications that are typical in the medical context, demonstrates that all the aforementioned security measures can be implemented simultaneously and that the algorithm presents good scalability. In addition to this, keytags can be protected with standard Cryptographic Message Syntax and the keytagging process can be easily combined with JPEG2000 compression since both share the same wavelet transform. This reduces the delays for associating keytags and retrieving the corresponding tags to implement the aforementioned measures to only ≃30 and ≃90ms respectively. As a result, keytags can be seamlessly integrated within DICOM, reducing delays and bandwidth when the image test is updated and shared in secure architectures where different users cooperate, e.g. physicians who interpret the test, clinicians caring for the patient and researchers.

Telebiometric Authentication Objects

This paper describes a method for achieving strong, low cost multi-factor authentication on the Internet of Things that is convenient for people to use. Authentication relies on tagged objects functioning with biometric sensors connected to a telecommunications network. Access control systems based on these telebiometric authentication objects do not require users to carry individually assigned security tokens, remember complex passwords, or possess and manage cryptographic keys and public key certificates. Authentication decisions are based on previously registered person-object associations created using cryptographic techniques that bind the biometric reference template of an individual to one or more tagged objects. Trusted person-object bindings are formed using digital signature or signcryption techniques based on certificates in a public key infrastructure. Cryptographic message syntax is defined that can be used to provide data integrity and origin authenticity services for telebiometric authentication objects and messages, and to protect the confidentiality of personally identifiable and other sensitive information.

INTEROPERABLE SUPPLY-CHAIN APPLICATIONS: MESSAGE METAMODEL-BASED SEMANTIC RECONCILIATION OF B2B MESSAGES

Supply-chain applications exchange numerous electronic business-to-business (B2B) messages of varied types. Traditionally, prior to a message exchange, partners adopt one particular message specification that constrains message structure and syntax to implement compatible application message interfaces. However, in open, dynamic supply-chains, the applications need to interact even though their message interfaces are based on different, yet incompatible message specifications. To achieve such interactions, we propose the Message Metamodel-based semantic reconciliation of B2B messages. The Message Metamodel is a novel, ontological form that provides for common representation of B2B message specifications and messages of various syntaxes, such as Extensible Markup Language (XML) or Electronic Data Interchange (EDI). The experimental investigation showed that proposed semantic reconciliation architecture built atop the Message Metamodel (1) insulates the reconciliation activities from the specific message syntaxes, (2) supports the reconciliation of messages irrespective of message standards used, and (3) enables seamless interoperable message exchange between heterogeneous supply-chain applications.

Virtual Community Presence in Internet Relay Chatting

This article presents a method based on Jones' “virtual settlement” theory for testing empirically for the presence of virtual community in Internet Relay Chatting (IRC), The conditions for virtual community proposed by Jones are related to the technological context of IRC and formulated as conceptual hypotheses. The author argues that sustained level of co-appearance and nickname stability should be included in testing. Interactivity analysis should include both verbal exchanges and action-simulating messages. Analysis of message references should be done in terms of message content as well as message syntax. Major issues related to research design and implementation are discussed in depth.

Converged ‘user integration’ provided as a mediated service

In the world of machine-to-machine interaction, the success of Web Services technology owes much to its ability to define a contract between applications independent of the host machines’ underlying hardware and the transport mechanism linking them. With this contract, applications know what to expect of one another and this provides a solid foundation for integration. The resulting business process improvements translate directly into saved costs and new business opportunities. However, these workflow improvements typically come to a grinding halt whenever real-time input from consumers is required since there is currently no way to effectively construct the same sort of contract for spontaneous person-tomachine interactions as Web Services provides for machine-to-machine interaction. The consumer-to-machine link is characterised by reliability, availability, trust and conformance to message syntax all being in unbearable deficit … and all of that deficit being due to the user ‘component’ rather than the machine! For this reason, the solution designer will typically consider the user to be effectively unavailable and ‘park’ the workflow in a suitable state pending user intervention at some later date. If a mechanism were available to transform the user into a reliable, highly available, trusted component of the overall workflow system which always rendered its requests/responses in machine-readable form to an agreed syntax then that ‘component’ (the user) could be included in automated processes directly. This integration of the user into the workflow would have far-reaching impact on the way systems are designed and operated, providing the user with much greater control of service delivery and improving the overall service experience. This paper describes a prototype system and how the operator of such a system can support users employing a multitude of devices connected over various networks and offer to third parties a facility whereby they can very easily conduct structured interactions with those users in real time, on the device of their preference, without them requiring any knowledge of those users’ devices, addresses, networks, presence or device preferences. The users are restricted to supplying only valid messages which are forwarded to the third party in machine-readable format in order that their service logic can act on them automatically. The paper goes on to propose further opportunities arising from the ownership of such a facility.

GCI—A tool for developing interactive cad user interfaces

AbstractGCI is a Unix‐based tool for developing interactive CAD programs. By separating command/ menu definitions from the progam, GCI makes it easier to change and extend the user interface. The language provided by GCI is used to define the syntax of commands, menus, messages, and help text. Generally, GCI supports a static hierarchical structure of commands and menus. However, through a program interface, an application program has the freedom to change environments, commands and menus. This flexibility of run‐time control of the user interface is essential for developing highly responsive interfaces in a CAD environment.This paper presents the main concepts and definition language of GCI. It then discusses architectural and implementation issues, and finally presents a typical application's view of using the tool.