WOLF
Investigating the performance of fuzzers on Wireguard Go
|
Confidentiality
|
Authenticity
|
Integrity
| Confidentiality | Authenticity | Integrity
Overview
Businesses, universities, and governments rely on networks to transport critical confidential data. As a result VPNs are widely used for network security as they provide confidentiality, authentication, and integrity.
WireGuard is a modern, light-weight alternative to older VPN protocols that has gained considerable popularity following its inception.
Fuzzers are a popular and effective tool for discovering vulnerabilities in software, however, there is a lack of systematic studies on fuzzing implementations of VPNs.
Objectives
This project had two primary objectives. To explore the feasibility of using fuzzers to test Wireguard-go and investigate how parameters, such as persistent connections, mutation strategies, and the number of fields mutated at a time impact the efficiency and performance of the fuzzers used.
The fuzzers used
-
a smart fuzzer capable of both generation- and mutation- based fuzzing first released in 2004.
-
the successor of Sully, released in 2018.
Notable results
Persistent vs Non-persistent
Maximum Fields Mutated
The most notable finding was that restarting the process on each iteration incurs significant overhead. The persistent case performed 50 times better than the non-persistent case. Thus, restarting the process on each iteration should be avoided as far as possible.
While the number of fields fuzzed, the maximum fields mutated per iteration, and the mutation strategies used did influence performance, the performance impact was minimal. Therefore, the impact of these parameters on performance does not justify allowing these parameters to dictate decision-making when designing tests.
The Team
Thalia Hawthorn
Michal Sacks
Student
Student
Dr Josiah Chavula
Supervisor
Marco Slaviero
Supervisor
Prof. Aslam Safla
Second reader