Security analysis of the Internet Printing Protocol (IPP)

Allgemein

Betreuer: Jens Müller

Beginn: now

Dauer: 3 months

Weitere Details: [RFC 2910] [RFC 2911]

Beschreibung

The Internet Printing Protocol (IPP) is widely used in print servers like CUPS and directly supported by modern printers, running as a network service on port 631/tcp. Recent research at the chair for network and data security shows that IPP can be used as a carrier to deploy malicious PostScript or PJL payloads. However, the protocol itself has interesting features that may be critical from a security point of view. For example, the possibility to pass the URL of a document instead of the actual document to be printed may lead to server side request forgery (SSRF) and other kinds of attacks.

The goal of this the­sis is a systematic study of the IPP standard and an identification of features that could be exploited by an attacker. Furthermore, a proof-of-concept IPP testing tool is to be written.

Voraussetzungen

  • Programmierkenntnisse (z.B. Python oder andere Skriptsprache)
  • Die Ar­beit soll­te in eng­li­scher Spra­che ver­fasst wer­den
  • Diese Ar­beit kann ggf. auch als eine Mas­ter­ar­beit be­ar­bei­tet wer­den. Der Auf­wand kann dabei an­ge­passt wer­den.