IEEE Access (Jan 2018)

A Novel Key Agreement Protocol Based on RET Gadget Chains for Preventing Reused Code Attacks

  • Wu Fusheng,
  • Zhang Huanguo,
  • Ni Mingtao,
  • Wang Jun,
  • Ji Zhaoxu

DOI
https://doi.org/10.1109/ACCESS.2018.2879852
Journal volume & issue
Vol. 6
pp. 70820 – 70830

Abstract

Read online

Attackers exploit vulnerabilities to change RET gadget chains and control the order of program execution, threatening the security of software implementations. For example, memory overflow attacks and remote shellcode attacks will lead to the leak of information. The previous key agreement protocols have not considered the security of protocol implementations at the source code level. As a result, when used on the networks (like wireless sensor networks, SAE/LTE networks, IOT networks, and cloud computing environment), they often suffer from vulnerabilities. To solve these problems, a novel key agreement protocol is proposed on the base of the RET gadget chain in this paper. The novel key agreement protocol not only considers the security of cryptographic techniques and the integrity of the control flow when executing programs, they can also prevent the attacks from the vulnerabilities during implementation at the source code level. At the same time, its security analysis and experiments conducted are presented in this paper. It has been shown in the experiments that the novel key agreement protocol can prevent code reuse attacks in the process of implementation at the source code level, and its performances (like time overheads and security) are better than those of other common key agreement protocols.

Keywords