
    Compiling symbolic attacks to protocol implementation tests

    Recently, efficient model-checking tools have been developed to find flaws in security protocol specifications. These flaws can be interpreted as potential attack scenarios, but the feasibility of these scenarios needs to be confirmed at the implementation level. However, bridging the gap between an abstract attack scenario derived from a specification and a penetration test on real implementations of a protocol is still an open issue. This work investigates an architecture for automatically generating abstract attacks and converting them to concrete tests on protocol implementations. In particular, we aim to improve previously proposed black-box testing methods in order to discover new attacks and vulnerabilities automatically. As a proof of concept, we have applied our proposed architecture to detect a renegotiation vulnerability in some implementations of SSL/TLS, a protocol widely used for securing electronic transactions. Comment: In Proceedings SCSS 2012, arXiv:1307.802

    An interpolation-based method for the verification of security protocols

    Interpolation has been successfully applied in formal methods for model checking and test-case generation for sequential programs. Security protocols, however, exhibit idiosyncrasies that make them unsuitable for the direct application of interpolation. We address this problem and present an interpolation-based method for security protocol verification. Our method starts from a protocol specification and combines Craig interpolation, symbolic execution and the standard Dolev-Yao intruder model to search for possible attacks on the protocol. Interpolants are generated in response to search failure in order to prune useless traces and speed up the exploration. We illustrate our method by means of concrete examples and discuss the results obtained with a prototype implementation.

    A conformance test framework for the DeviceNet fieldbus

    The DeviceNet fieldbus technology is introduced and discussed. DeviceNet is an open-standard fieldbus that uses the proven Controller Area Network (CAN) technology. For an open-standard fieldbus, device conformance is extremely important to ensure smooth operation. The error management in the DeviceNet protocol is highlighted, and an error-injection technique is devised to test the implementation under test for correct error-recovery conformance. The designed Error Frame Generator prototype allows the error management and recovery of DeviceNet implementations to be conformance tested; it can also be used with other CAN-based protocols. In addition, an automated Conformance Test Engine framework has been defined for realising the conformance testing of DeviceNet implementations. Automated conformance testing is used to achieve consistent and reliable test results, apart from the benefits of saving time and personnel. This involves investigations and feasibility studies in adapting the ISO 9646 conformance test standards for use with the DeviceNet fieldbus. The Unique Input/Output (UIO) sequence method is used for the generation of DeviceNet conformance tests. The UIO method does not require a fully specified protocol specification and gives shorter test sequences, since only specific state information is needed. As conformance testing addresses only protocol verification, it is foreseen that formal-method validation of the DeviceNet protocol must be performed at some stage to validate the DeviceNet specification.
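    The UIO method named above, worked through on a constructed Mealy machine. This is an added example and not code or a model from the thesis: the three-state machine, its input alphabet ("a", "b"), the length bound on candidate sequences and the function names are assumptions of this example. A UIO sequence for a state is an input sequence whose output differs from the output every other state would produce, so a transition test needs only a transfer sequence to the source state, the input under test and the UIO of the destination state; undefined transitions of a partial specification are treated conservatively as not distinguishing.

```python
"""Unique Input/Output (UIO) sequences and transition tests for a Mealy machine.

A Mealy machine is a dict mapping (state, input) -> (next_state, output).
Constructed example data; not a DeviceNet model.
"""
from collections import deque
from itertools import product


def run(fsm, state, inputs):
    """Apply an input sequence; return (outputs, final_state), or None if an input is undefined."""
    outputs = []
    for x in inputs:
        if (state, x) not in fsm:
            return None
        state, y = fsm[(state, x)]
        outputs.append(y)
    return tuple(outputs), state


def uio_sequence(fsm, state, alphabet, max_len=4):
    """Shortest input sequence (up to max_len) whose output identifies `state`, or None.

    A transition that is undefined in another state does not count as distinguishing:
    a partial specification says nothing about what that state would answer.
    """
    others = {s for s, _ in fsm} - {state}
    for n in range(1, max_len + 1):
        for seq in product(alphabet, repeat=n):
            mine = run(fsm, state, seq)
            if mine is None:
                continue
            responses = [run(fsm, t, seq) for t in others]
            if all(r is not None and r[0] != mine[0] for r in responses):
                return seq
    return None


def preamble(fsm, init, target, alphabet):
    """Shortest input sequence transferring the machine from init to target (BFS)."""
    queue, seen = deque([(init, ())]), {init}
    while queue:
        state, path = queue.popleft()
        if state == target:
            return path
        for x in alphabet:
            if (state, x) in fsm:
                nxt = fsm[(state, x)][0]
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, path + (x,)))
    return None


def transition_test(fsm, init, state, x, alphabet):
    """Test case for transition (state, x): reach `state`, apply x, confirm the destination
    with its UIO. Returns (input sequence, expected output sequence)."""
    target = fsm[(state, x)][0]
    uio = uio_sequence(fsm, target, alphabet)
    seq = preamble(fsm, init, state, alphabet) + (x,) + uio
    return seq, run(fsm, init, seq)[0]


# Constructed three-state machine (assumption of this example): (state, input) -> (next, output)
ALPHABET = ("a", "b")
FSM = {
    ("s0", "a"): ("s1", 0), ("s0", "b"): ("s0", 0),
    ("s1", "a"): ("s2", 1), ("s1", "b"): ("s0", 0),
    ("s2", "a"): ("s0", 0), ("s2", "b"): ("s2", 1),
}

if __name__ == "__main__":
    for s in ("s0", "s1", "s2"):
        print(s, "UIO:", uio_sequence(FSM, s, ALPHABET))
    print("test for s1 -a/1-> s2:", transition_test(FSM, "s0", "s1", "a", ALPHABET))
```

    For this machine a single input already identifies s1 and s2, while s0 needs two inputs, which is why UIO-based suites are shorter than ones built from a full distinguishing sequence for every state.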

    Formal Modelling and Verification of the EAP-NOOB Protocol

    The expansion of the Internet of Things (IoT) has resulted in an increasing number of new devices communicating independently over the network with each other and with servers. This has created a need for protocols to manage the swiftly growing network. Consequently, formal verification methods have become an important part of the development process of network systems and protocols. Before implementation, the specification itself has to be shown to be reliable and secure. Nimble out-of-band authentication for EAP (EAP-NOOB) is a protocol for bootstrapping IoT devices with a minimal user interface and no pre-configured credentials. In this thesis, we create a symbolic model of the EAP-NOOB protocol in the mCRL2 modelling language and verify both its correct operation and its liveness properties with exhaustive state-space exploration and model checking. The major findings relate to the recovery of the protocol after lost or corrupted messages, which could be exploited for denial-of-service attacks. We contribute to the standardisation process of the protocol by model checking the current draft specification and by suggesting improvements and clarifications for the next version. Finally, we verify the changes made to the protocol and show that they improve the overall reliability and fix the detected issues. Moreover, while modelling the protocol, we found various underspecified features and ambiguities that needed to be clarified. Furthermore, we create a test suite for testing the cryptographic implementation. By comparing message logs from the implementation with output generated by our test script, we find that incompatibilities between cryptographic libraries sometimes resulted in protocol failures.

    The expansion of the Internet of Things (IoT) has resulted in an increase in new standalone devices that communicate with each other and with servers. This has created a need for protocols to maintain the growing network. Consequently, the use of formal verification has become an important part of the development process for network systems and protocols. Before a protocol is implemented, the specification itself must be proven reliable and secure. Nimble out-of-band authentication for EAP (EAP-NOOB) is a protocol for pairing IoT devices with a minimal user interface and no pre-configured credentials. In this thesis we create a symbolic model of the EAP-NOOB protocol in the mCRL2 language and verify various properties through state-space exploration. We contribute to the protocol's standardisation process with proposed changes, show that they improve the protocol's reliability and correct the detected problems. During the verification process we found various ambiguities in the specification, which were corrected. Furthermore, we present a test program for cryptographic verification and data generation. By comparing log files from the implementation with our generated data, we show that incompatibilities exist between cryptographic libraries.

    Design and implementation of a TTCN to C translator

    The conformance testing of a protocol implementation may be logically divided into the specification of the abstract test suite (ATS) from a formal description of the protocol, and the subsequent derivation of the executable test suite (ETS) from the ATS specification. Our concern here is with the latter step, in particular the automatic derivation of an ATS expressed in the Tree and Tabular Combined Notation (TTCN) into an executable C language equivalent. This process is currently a manual one and, as a consequence, is error prone, time consuming, often repetitive and not necessarily consistent. To overcome these problems there is a real need for a computer-aided and, if possible, fully automatic solution. This study describes the design and implementation of a fully working TTCN-subset-to-C translator, which takes a TTCN ATS and produces an equivalent ETS with a minimal amount of manual intervention. The methodology used is logically divided into three stages: direct TTCN to C language mappings; implementation issues, including the generation of additional code to drive the above mappings; and test system implementation issues. The system was tested using parts of an ETSI ISDN LAPD ATS, and the results showed considerable time savings against a similar manual implementation. In conclusion, suggestions are provided for the further development of the TTCN to C translator system, and the application of this tool to a complete conformance testing system is discussed.

    A Tagging Protocol for Asynchronous Testing

    Conformance testing has a rich underlying theory, popularly called ioco test theory. Within ioco test theory, this paper addresses the issue of testing a component of an asynchronously communicating distributed system. Testing a system that communicates asynchronously (i.e., through some medium) with its environment is more difficult than testing a system that communicates synchronously (i.e., directly, without any medium). What impedes asynchronous testing is that the actual behaviour of the implementation under test (IUT) appears distorted and infinite to the tester. This impediment consequently renders the problem of generating a complete test suite from the given specification of the IUT infeasible. To this end, this paper proposes a tagging protocol which, when implemented by the asynchronously communicating distributed system, makes the problem of generating a complete test suite from the specification of any of its components feasible. Further, this paper describes how to generate the test suite from the given specification of the component.

    SymbexNet: Checking Network Protocol Implementations using Symbolic Execution

    The implementations of network protocols such as DNS, DHCP and Zeroconf are prone to flaws, security vulnerabilities and interoperability issues caused by ambiguous requirements in protocol specifications. Detecting such problems is not easy because (i) many bugs manifest themselves only after prolonged operation; (ii) the state space of complex protocol implementations is large; and (iii) problems often require additional information about correct behaviour from specifications. This thesis presents a novel approach to detect various types of flaws in network protocol implementations by combining symbolic execution and rule-based packet matching. The core idea behind our approach is to automatically generate high-coverage test input packets for a network protocol implementation. For this, the protocol implementation is run using a symbolic execution engine to obtain test input packets. These packets are then used to detect potential violations of rules that constrain permitted input and output packets and that were derived from the protocol specification. We propose a technique that repeatedly performs symbolic execution on selected test input packets to achieve broad and deep exploration of the implementation state space. In addition, we use the generated test packets to check interoperability between different implementations of the same network protocol. We present a system based on these techniques, SYMBEXNET, and show that it can automatically generate test input packets that achieve high source code coverage and discover various bugs. We evaluate SYMBEXNET on multiple implementations of two network protocols: Zeroconf, a service discovery protocol, and DHCP, a network configuration protocol. SYMBEXNET is able to discover non-trivial bugs as well as interoperability problems, most of which have been confirmed by the developers.
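    The rule-matching half of that approach, as an added example that is not SymbexNet's code: a checker for DHCP packets whose rules come from RFC 2131/2132 (the 236-byte fixed header and magic cookie, the op field, a single message-type option 53 with a value of 1..8, a terminated option area with no length overrun, and a server identifier on OFFER/ACK/NAK). The symbolic-execution side is not reproduced; the packets are constructed inline by a helper of this example and stand in for generated inputs. The rule texts, the function names and the transaction id are assumptions of this example.

```python
"""Rule-based checks for DHCP packets (RFC 2131/2132), run over constructed packets."""
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
BOOTREQUEST, BOOTREPLY = 1, 2
DHCPOFFER, DHCPACK, DHCPNAK = 2, 5, 6


def parse_options(blob):
    """Walk the TLV option area. Returns (options: code -> list of values, violations)."""
    options, violations, i, terminated = {}, [], 0, False
    while i < len(blob):
        code = blob[i]
        if code == OPT_PAD:           # single-byte pad, no length field
            i += 1
            continue
        if code == OPT_END:           # single-byte end marker
            terminated = True
            break
        if i + 1 >= len(blob):
            violations.append(f"option {code} has no length byte")
            return options, violations
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:      # declared length runs past the packet
            violations.append(f"option {code} length {length} overruns packet")
            return options, violations
        options.setdefault(code, []).append(value)
        i += 2 + length
    if not terminated:
        violations.append("option area not terminated by END (255)")
    return options, violations


def check_dhcp(packet):
    """Return the list of specification rules the packet violates (empty if it conforms)."""
    if len(packet) < 240:
        return ["packet shorter than the 236-byte fixed header plus magic cookie"]
    violations = []
    op, htype, hlen = packet[0], packet[1], packet[2]
    if op not in (BOOTREQUEST, BOOTREPLY):
        violations.append(f"op {op} is neither BOOTREQUEST nor BOOTREPLY")
    if htype == 1 and hlen != 6:
        violations.append(f"htype 1 (Ethernet) with hlen {hlen}, expected 6")
    if packet[236:240] != MAGIC_COOKIE:
        violations.append("missing DHCP magic cookie at offset 236")
        return violations
    options, opt_violations = parse_options(packet[240:])
    violations.extend(opt_violations)
    msg_type = options.get(OPT_MSG_TYPE)
    if msg_type is None:
        violations.append("missing DHCP message type option (53)")
        return violations
    if len(msg_type) != 1 or len(msg_type[0]) != 1 or not 1 <= msg_type[0][0] <= 8:
        violations.append("message type option (53) must occur once with length 1 and value 1..8")
        return violations
    # Relational rule (RFC 2131 table 3): OFFER, ACK and NAK must carry a server identifier.
    if msg_type[0][0] in (DHCPOFFER, DHCPACK, DHCPNAK):
        server_id = options.get(OPT_SERVER_ID, [])
        if len(server_id) != 1 or len(server_id[0]) != 4:
            violations.append("OFFER/ACK/NAK without a single 4-byte server identifier option (54)")
    return violations


def build_dhcp(op, msg_type, options=b"", terminate=True, xid=0x3903F326):
    """Construct a minimal DHCP packet (constructed test data, not captured traffic)."""
    header = struct.pack("!BBBBIHHIIII", op, 1, 6, 0, xid, 0, 0, 0, 0, 0, 0)  # 28 bytes
    header += b"\x00\x11\x22\x33\x44\x55".ljust(16, b"\x00")                 # chaddr
    header += b"\x00" * 64 + b"\x00" * 128                                   # sname, file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type]) + options
    if terminate:
        opts += bytes([OPT_END])
    return header + MAGIC_COOKIE + opts


# Constructed inputs: one conforming request, one reply missing option 54, one overrun.
DISCOVER = build_dhcp(BOOTREQUEST, 1, options=bytes([55, 2, 1, 3]))
OFFER_NO_SID = build_dhcp(BOOTREPLY, DHCPOFFER)
TRUNCATED = build_dhcp(BOOTREQUEST, 3, options=bytes([12, 10, 0x61, 0x62, 0x63]), terminate=False)

if __name__ == "__main__":
    for name, pkt in [("DISCOVER", DISCOVER), ("OFFER_NO_SID", OFFER_NO_SID), ("TRUNCATED", TRUNCATED)]:
        print(name, check_dhcp(pkt))
```

    The overrun case is the kind of input a symbolic executor reaches easily (a length byte is a single unconstrained symbolic value), and the server-identifier rule is one that only the specification, not the code, can tell you about; the checker reports both in the same violation list.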

    Implementation and Evaluation of an NoC Architecture for FPGAs

    The Networks-on-Chip (NoC) approach to designing Systems-on-Chip (SoC) is currently emerging as an advanced concept for overcoming the scalability and efficiency problems of traditional bus-based systems. A great deal of theoretical research has been done in this area that provides good insight and shows promising results. There is a great need for research on hardware implementation of NoC-based systems to determine the feasibility of implementing various topologies and protocols, and also to determine accurately what design trade-offs are involved in NoC implementation. This thesis addresses the challenges of implementing an NoC-based system on FPGAs for running real benchmark applications. The NoC used a mesh topology and a circuit-switched communication protocol. An experimental framework was developed that allowed implementation of the NoC-based system from a high-level specification, using the Celoxica Handel-C hardware description language. Two test applications, charge-coupled device (CCD) processing and JPEG, were developed in Handel-C to be used as benchmark applications. Both benchmarks are computationally expensive and require large quantities of data transfer, which exercises the NoC system. Implementation results show that the NoC-based system gives superior area utilisation and speed performance compared to the bus-based system running the same benchmarks.

    Conformance Testing with Labelled Transition Systems: Implementation Relations and Test Generation

    This paper studies testing based on labelled transition systems, presenting two test generation algorithms with their corresponding implementation relations. The first algorithm assumes that implementations communicate with their environment via symmetric, synchronous interactions. It is based on the theory of testing equivalence and preorder, as is most of the testing theory for labelled transition systems, and it is found in the literature in slightly different variations. The second algorithm is based on the assumption that implementations communicate with their environment via inputs and outputs. Such implementations are formalised by restricting the class of labelled transition systems to those systems that can always accept input actions. For these implementations a testing theory is developed, analogous to the theory of testing equivalence and preorder. It consists of implementation relations formalising the notion of conformance of these implementations with respect to labelled transition system specifications, test cases and test suites, test execution, the notion of passing a test suite, and the test generation algorithm, which is proved to produce sound test suites for one of the implementation relations.
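    The implementation relation for input-enabled implementations that this paper develops is ioco: an implementation conforms if, after every suspension trace of the specification, it produces only outputs (or quiescence) the specification allows. As an added example, not code from the paper, the check below runs over small labelled transition systems; the "?"/"!" label convention, the depth bound on suspension traces, and the constructed vending-machine models are assumptions of this example. It goes slightly beyond the abstract by showing the underspecification property of ioco: behaviour after an input the specification does not mention is not judged.

```python
"""ioco conformance check on small labelled transition systems.

Conventions: input labels start with "?", output labels with "!", TAU is an internal
step and DELTA marks quiescence (no output possible). An LTS is a dict
state -> list of (label, next_state). Models below are constructed toy examples.
"""
TAU, DELTA = "tau", "delta"


def closure(lts, states):
    """States reachable from `states` via zero or more TAU steps."""
    seen, stack = set(states), list(states)
    while stack:
        for label, nxt in lts.get(stack.pop(), []):
            if label == TAU and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def quiescent(lts, state):
    """A state is quiescent if it can neither produce an output nor take a TAU step."""
    return all(label.startswith("?") for label, _ in lts.get(state, []))


def step(lts, states, action):
    """Closed state set reached by performing `action` (a label or DELTA) from a closed set."""
    if action == DELTA:
        nxt = {s for s in states if quiescent(lts, s)}
    else:
        nxt = {t for s in states for label, t in lts.get(s, []) if label == action}
    return closure(lts, nxt)


def after(lts, init, trace):
    states = closure(lts, {init})
    for action in trace:
        states = step(lts, states, action)
    return states


def out(lts, states):
    """Observable outputs of a state set, plus DELTA if some state in it is quiescent."""
    outputs = set()
    for s in states:
        outputs.update(label for label, _ in lts.get(s, []) if label.startswith("!"))
        if quiescent(lts, s):
            outputs.add(DELTA)
    return outputs


def straces(lts, init, depth):
    """Suspension traces of the specification up to `depth`, shortest first."""
    traces, frontier = [()], [((), closure(lts, {init}))]
    for _ in range(depth):
        extended = []
        for trace, states in frontier:
            actions = {label for s in states for label, _ in lts.get(s, []) if label != TAU}
            if any(quiescent(lts, s) for s in states):
                actions.add(DELTA)
            for action in sorted(actions):
                nxt = step(lts, states, action)
                if nxt:
                    extended.append((trace + (action,), nxt))
        traces.extend(trace for trace, _ in extended)
        frontier = extended
    return traces


def ioco(impl, impl_init, spec, spec_init, depth=6):
    """impl ioco spec iff for every suspension trace sigma of spec:
    out(impl after sigma) is a subset of out(spec after sigma).
    Returns (True, None, set()) or (False, offending trace, unexpected outputs)."""
    for sigma in straces(spec, spec_init, depth):
        unexpected = out(impl, after(impl, impl_init, sigma)) - out(spec, after(spec, spec_init, sigma))
        if unexpected:
            return False, sigma, unexpected
    return True, None, set()


# Specification: after a coin, coffee must come out. Not input-enabled: a second coin is unspecified.
SPEC = {"s0": [("?coin", "s1")], "s1": [("!coffee", "s2")], "s2": []}
# Input-enabled implementations (every state accepts ?coin).
IMPL_OK = {"i0": [("?coin", "i1")], "i1": [("!coffee", "i2"), ("?coin", "i1")], "i2": [("?coin", "i2")]}
IMPL_TEA = {"i0": [("?coin", "i1")], "i1": [("!tea", "i2"), ("?coin", "i1")], "i2": [("?coin", "i2")]}
# Serves tea on a second coin; the spec says nothing about that input, so ioco still holds.
IMPL_EXTRA = {"i0": [("?coin", "i1")], "i1": [("!coffee", "i2"), ("?coin", "i3")],
              "i2": [("?coin", "i2")], "i3": [("!tea", "i2"), ("?coin", "i3")]}

if __name__ == "__main__":
    for name, impl in [("IMPL_OK", IMPL_OK), ("IMPL_TEA", IMPL_TEA), ("IMPL_EXTRA", IMPL_EXTRA)]:
        print(name, ioco(impl, "i0", SPEC, "s0"))
```

    The depth bound makes the enumeration terminate on cyclic models; a sound test generator in the paper's sense derives test cases from the same suspension traces, with a verdict of fail exactly when an output outside out(spec after sigma) is observed.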

    Observing the Evolution of QUIC Implementations

    The QUIC protocol combines features that were initially found in the TCP, TLS and HTTP/2 protocols. The IETF is currently finalising a complete specification of this protocol. More than a dozen independent implementations have been developed in parallel with these standardisation activities. We propose and implement a QUIC test suite that interacts with public QUIC servers to verify their conformance with key features of the IETF specification. Our measurements, gathered over a semester, provide a unique viewpoint on the evolution of a protocol and of its implementations. They highlight the arrival of new features and some regressions among the different implementations. Comment: 6 pages, 8 figures
