3,069 research outputs found
Observing the Evolution of QUIC Implementations
The QUIC protocol combines features that were initially found inside the TCP,
TLS and HTTP/2 protocols. The IETF is currently finalising a complete
specification of this protocol. More than a dozen of independent
implementations have been developed in parallel with these standardisation
activities.
We propose and implement a QUIC test suite that interacts with public QUIC
servers to verify their conformance with key features of the IETF
specification. Our measurements, gathered over a semester, provide a unique
viewpoint on the evolution of a protocol and of its implementations. They
highlight the arrival of new features and some regressions among the different
implementations.Comment: 6 pages, 8 figure
Automated Inference System for End-To-End Diagnosis of Network Performance Issues in Client-Terminal Devices
Traditional network diagnosis methods of Client-Terminal Device (CTD)
problems tend to be laborintensive, time consuming, and contribute to increased
customer dissatisfaction. In this paper, we propose an automated solution for
rapidly diagnose the root causes of network performance issues in CTD. Based on
a new intelligent inference technique, we create the Intelligent Automated
Client Diagnostic (IACD) system, which only relies on collection of
Transmission Control Protocol (TCP) packet traces. Using soft-margin Support
Vector Machine (SVM) classifiers, the system (i) distinguishes link problems
from client problems and (ii) identifies characteristics unique to the specific
fault to report the root cause. The modular design of the system enables
support for new access link and fault types. Experimental evaluation
demonstrated the capability of the IACD system to distinguish between faulty
and healthy links and to diagnose the client faults with 98% accuracy. The
system can perform fault diagnosis independent of the user's specific TCP
implementation, enabling diagnosis of diverse range of client devicesComment: arXiv admin note: substantial text overlap with arXiv:1207.356
Prognosis: Closed-box analysis of network protocol implementations
We present Prognosis, a framework offering automated closed-box learning and analysis of models of network protocol implementations. Prognosis can learn models that vary in abstraction level from simple deterministic automata to models containing data operations, such as register updates, and can be used to unlock a variety of analysis techniques - model checking temporal properties, computing differences between models of two implementations of the same protocol, or improving testing via model-based test generation. Prognosis is modular and easily adaptable to different protocols (e.g. TCP and QUIC) and their implementations. We use Prognosis to learn models of (parts of) three QUIC implementations - Quiche (Cloudflare), Google QUIC, and Facebook mvfst - and use these models to analyse the differences between the various implementations. Our analysis provides insights into different design choices and uncovers potential bugs. Concretely, we have found critical bugs in multiple QUIC implementations, which have been acknowledged by the developers
Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extension (SGX) offers software applications enclave to
protect their confidentiality and integrity from malicious operating systems.
The SSL/TLS protocol, which is the de facto standard for protecting
transport-layer network communications, has been broadly deployed for a secure
communication channel. However, in this paper, we show that the marriage
between SGX and SSL may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
Dynamic Protocol Reverse Engineering a Grammatical Inference Approach
Round trip engineering of software from source code and reverse engineering of software from binary files have both been extensively studied and the state-of-practice have documented tools and techniques. Forward engineering of protocols has also been extensively studied and there are firmly established techniques for generating correct protocols. While observation of protocol behavior for performance testing has been studied and techniques established, reverse engineering of protocol control flow from observations of protocol behavior has not received the same level of attention. State-of-practice in reverse engineering the control flow of computer network protocols is comprised of mostly ad hoc approaches. We examine state-of-practice tools and techniques used in three open source projects: Pidgin, Samba, and rdesktop . We examine techniques proposed by computational learning researchers for grammatical inference. We propose to extend the state-of-art by inferring protocol control flow using grammatical inference inspired techniques to reverse engineer automata representations from captured data flows. We present evidence that grammatical inference is applicable to the problem domain under consideration
- …