Xia Yin,ZhiLiang Wang,ChuanMing Jing,XinGang Shi

DOI: https://doi.org/10.1007/s11432-008-0156-4

2008-01-01

Abstract:The protocol testing technology used in the next generation Internet should satisfy some new challenges and requirements. This paper focuses on the test suite description and test implementation techniques. TTCN-3 is chosen as the test suite description language and extended in both syntax and semantics to satisfy the requirements of protocol robustness testing. PITSv3, a protocol integrated testing system based on TTCN-3, is developed, and the extensions for robustness testing are implemented. Finally, two practical test applications are presented.

Shamim Ripon,Sumaya Mahbub,K. M. Intiaz-ud-Din

DOI: https://doi.org/10.7763/IJET.2013.V5.553

2014-03-08

Abstract:The advancement of mobile and wireless communication technologies in recent years introduced various adaptive protocols to adapt the need for secured communications. Security is a crucial success factor for any communication protocols, especially in mobile environment due to its ad hoc behavior. Formal verification plays an important role in development and application of safety critical systems. Formalized exhausted verification techniques to analyze the security and the safety properties of communications protocols increase and confirm the protocol confidence. SPIN is a powerful model checker that verifies the correctness of distributed communication models in a rigorous and automated fashion. This short paper proposes a SPIN based formal verification approach of a security adaptive protocol suite. The protocol suite includes a neighbor discovery mechanism and routing protocol. Both parts of the protocol suite are modeled into SPIN and exhaustively checked various temporal properties which ensure the applicability of the protocol suite in real-life applications.

Networking and Internet Architecture

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1109/hpcc.2014.115

2014-01-01

Abstract:With the development of the industrial informatization, the problems of security in field device layer have been gradually exposed, which mainly involves specified industrial communication protocols. Clock synchronization protocol, as one of the most important industrial communication protocols, ensures the real-time performance of industrial control system. Considering that the related researches have not yet formed a mature system, we propose a new method for analyzing the vulnerability of clock synchronization protocol in this article. In this method, SPN(stochastic petri net) is introduced as a modeling tool, while IEEE 1588 PTP clock synchronization protocol is regarded as the research object. An SPN(stochastic petri net) model is strictly built according to the protocol. Then, steady-state probability expressions are obtained by the isomorphic Markov chain. Through changing trigger rate of transitions of several pivotal states which are related to vulnerability, the influences of each parameter has on the model could be quantitatively reflected in the result of simulation in order to analyze vulnerability of clock synchronization protocol by determining the critical factors that affect protocol's vulnerability.

Chuanming Jing,Zhiliang Wang,Xingang Shi,Xia Yin,Jianping Wu

DOI: https://doi.org/10.1109/AINA.2008.98

2008-01-01

Abstract:The critical requirement on reliability, fault-tolerance and security of network devices highlights the necessity of protocol robustness testing. Mutation testing of protocol messages is an important part of robustness testing, but related theory and practices are not well developed. This paper builds a NFSM model for mutation testing of protocol messages and proposes two types of normal-verification sequence to enhance verdict mechanism. For single-field mutation testing of protocol messages, we propose the concept of compound anomalous test case to further simplify test sequences. As a standard test specification language, TTCN-3 reveals strong excellence in conformance testing, so we apply TTCN-3 to mutation testing and extend it according to test requirements. Using our method we test OSPFv2 sufficiently with a test system based on extended TTCN-3. The results indicate that our method has good capability of error-finding.

R Pradeep,N.R Sunitha,V Ravi,Sushma Verma

DOI: https://doi.org/10.1109/icccnt45670.2019.8944623

2019-07-01

Abstract:Designing a perfect security protocol is a difficult task and requires a good effort and knowledge of Cryptography which is an art of secret writing. In order to achieve high reliability of security protocols, the testing technique is not suitable, because the testing technique has got many drawbacks. To achieve high reliability of security protocols, proving the correctness of security protocols is very much essential. To prove and verify the correctness of security protocols the Formal Verification technique is the best solution because it provides the mathematical proof for the correctness of security protocols. TACACS+ (Terminal Access Controller Access-Control System Plus) [6] is one the important security protocol used by most of the Cisco network communication devices to provide Authentication, Authorization, and Accountability (popularly known as AAA services) services to the host devices. In the proposed work, the TACACS+ security protocol is formally verified using the Model Checking technique. Using the Scyther [12] model checker the Confidentiality and Authentication security properties of TACACS+ security protocol is successfully verified.

Thi Minh Chau Le,Xuan Thang Pham,Vinh Thinh Le

DOI: https://doi.org/10.54644/jte.2024.1523

2024-02-28

Journal of Technical Education Science

Abstract:In the dynamic field of Internet security, verifying and analyzing security protocols is crucial for ensuring secure and effective communication. This paper presents an analysis of leading tools used for the verification, falsification, and analysis of security protocols, focusing particularly on Scyther and Tamarin. We examine the methodologies, capabilities, and applications of these tools in various contexts, including cloud computing and IoT, highlighting their unique approaches and contributions to the field. The paper starts with an examination of the Scyther tool, emphasizing its innovative approach to automated falsification and verification, and its application in multi-protocol analysis. We then transition to exploring the use of Scyther in verifying key agreement protocols in cloud computing. A comparative analysis of Scyther and Tamarin is also presented, shedding light on their effectiveness in identifying security properties and revealing the strengths and weaknesses of different protocols. This is further enriched by a detailed look at the unbounded verification capabilities of Scyther. Additionally, the paper covers the capabilities of the Tamarin prover, exploring its advanced features in symbolic analysis, its ability to handle complex security properties, and its application in verifying protocol implementations. Through this paper, we aim to provide a comprehensive overview of the current landscape in security protocol verification, offering insights into the methodologies, challenges, and future directions in this essential area of research.

Kaled Alshmrany,Lucas Cordeiro

DOI: https://doi.org/10.48550/arXiv.2001.09592

2020-01-27

Cryptography and Security

Abstract:Implementations of network protocols are often prone to vulnerabilities caused by developers' mistakes when accessing memory regions and dealing with arithmetic operations. Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem. The main reason is that the protocol software state-space is too large to be explored. Here we propose a novel verification approach that combines fuzzing with symbolic execution to verify intricate properties in network protocol implementations. We use fuzzing for an initial exploration of the network protocol, while symbolic execution explores both the program paths and protocol states, which were uncovered by fuzzing. From this combination, we automatically generate high-coverage test input packets for a network protocol implementation. We surveyed various approaches based on fuzzing and symbolic execution to understand how these techniques can be effectively combined and then choose a suitable tool to develop further our model on top of it. In our preliminary evaluation, we used ESBMC, Map2Check, and KLEE as software verifiers and SPIKE as fuzzer to check their suitability to verify our network protocol implementations. Our experimental results show that ESBMC can be further developed within our verification framework called \textit{FuSeBMC}, to efficiently and effectively detect intricate security vulnerabilities in network protocol implementations.

Yang Xiang,Zhiliang Wang,Xia Yin

DOI: https://doi.org/10.1109/WAINA.2009.19

2009-01-01

Abstract:Providing flexibility and extensibility, SIP has recently gained significant attention in many areas. Critical requirements on reliability, fault tolerance and security highlight the necessity of SIP robustness testing. There are only a few researches on SIP robustness testing. The biggest challenge is the anomalous message generation. This paper proposes a method and architecture for SIP robustness testing based on TTCN-3, and presents a method for auto-generating large numbers of anomalous message. Based on these, we adopt compound test case to simplify the test suite, and use normal verification sequence to enhance the verdict mechanism. Our method and architecture is extensible for other text based protocols. The test practice on four SIP entities indicate that, our method is efficient to SIP robustness testing, and the test results can provide helpful reference to the upgrade of SIP products.

Jacob Ginesin,Max von Hippel,Evan Defloor,Cristina Nita-Rotaru,Michael Tüxen

2024-03-09

Abstract:SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations were subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive and a recent vulnerability (CVE-2021-3772) showed SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws might persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP, and define 10 properties capturing the essential protocol functionality based on its RFC specification and consultation with the lead RFC author. Then we show using the Spin model checker that our model satisfies these properties. We define 4 attacker models - Off-Path, where the attacker is an outsider that can spoof the port and IP of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where an attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between peers. We modify an attack synthesis tool designed for transport protocols, Korg, to support our SCTP model and four attacker models. We synthesize 14 unique attacks using the attacker models - including the CVE vulnerability in the Off-Path attacker model, 4 attacks in the Evil-Server attacker model, an opportunistic ABORT attack in the Replay attacker model, and eight connection manipulation attacks in the On-Path attacker model. We show that the proposed patch eliminates the vulnerability and does not introduce new ones according to our model and protocol properties. Finally, we identify and analyze an ambiguity in the RFC, which we show can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.

Cryptography and Security

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0186188

IF: 3.7

2017-10-19

PLoS ONE

Abstract:Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Xuemei Ding,Meisong Li,Yamin Wei,Lu Yuan

DOI: https://doi.org/10.1088/1742-6596/1648/3/032137

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the rapid development of Internet, network security protocol plays an increasingly important role, which will enhance the security and stability of computer communication. Network security protocol can control the application process of computer communication technology, which will improve the computing communication environment. Through security protocol, we can guarantee the security of computer communication technology. In CTC system, this paper analyzes the practical application of computer security protocol. Through security protocol, we can guarantee the practical application effect of computer communication technology, which will promote the strengthening of security protocol in the future. In practical work, the security protocol will transfer information and data through a variety of methods, such as key distribution, identity authentication, data encryption and so on. Firstly, this paper analyzes the common security protocols. Then, this paper analyzes the role of security protocol.

English Else

Yahui Yang,Yunfei Chen,Min Xia,Juan Ma

DOI: https://doi.org/10.1109/IAS.2009.224

2009-01-01

Abstract:Aiming at automated security test on communication protocols, this paper proposes an automated manipulation mechanism of testing procedure based on FSM (Finite State Machine), and designs an automated packet generation mechanism based on a protocol template library. The practical experiments and applications show that the automated security testing platform of communication protocols based on this mechanism can implement the correct evaluations, be convenient to construct the testing procedure, generate automatically test packet sequence and have smaller packet control granularity. It can be used for the systematic and efficient infiltrative security test.

罗安安,林闯,王元卓,邓法超,陈震

DOI: https://doi.org/10.3724/SP.J.1016.2009.00887

2009-01-01

Chinese Journal of Computers

Abstract:Trusted Network Connect (TNC) is considered as an important part of trusted network architecture, and with its deeper research and application development, whether it is enough trustworthy during TNC platform authentication and access control becomes a key problem. In the paper, we mainly focus on the trustworthy problem of TNC. First, we proposed a novel security quantifying method which is based on semi-Markov processes. And then, according to the potential threat and security holes during typical message flow and access authorization process in TNC specification, we proposed a set of trustworthy enhanced mechanisms, which is verified by our security quantifying method. Finally a TNC prototype system framework based on IXP2400 network processor is built to be a performance evaluation and trustworthy verification platform.

Yu Jiang,Hehua Zhang,Xiaoyu Song,William N. N. Hung,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/compsac.2013.89

2013-01-01

Abstract:The train control system is a safety-critical embedded system. In this system, all buses and devices share the real time communication protocol, which is described in the standard IEC 61375. Many systems that comply the standard have been implemented and used in the real world railway, however, their safety checking is highly nontrivial. In this paper, we focus on the formal verification and implementation of the protocol described in the standard. The protocol is modeled as a network of timed automata, which are synchronized to describe the procedure of connection establishment and data transmission among vehicles. The stochastic factors such as time delay and packet loss are modeled in the channel module. Afterwards, we abstract some safety critical properties that are important to guarantee the correctness of the protocol. These properties are verified with the model checker Uppaal. Two properties are violated in the verification, and two corresponding bugs in the standard are fixed and proposed to the IEC. In order to prove the bugs we find, we implement two versions of the standard. The first is for the original description of the standard, and the second is for our fixed description. Both versions are tested with the D113 (a widely used general Multifunction Vehicle Bus control system implemented by the Duagon company), and we find that the second version works well, while the first fails. The second version for the fixed protocol is now used in the real world subway.

RB Hao,JP Wu,ML Shi

DOI: https://doi.org/10.1109/icct.1996.545163

1996-01-01

Abstract:Protocol conformance testing is the basic facility to ensure the interoperability between protocol implementations. It demands formal methods in protocol conformance testing for various protocols and testing methods. This paper gives an introduction of basic concepts and techniques of protocol conformance testing, and then an analysis of the application of formal methods in this field. We mainly focus our attention on test execution methods, which play an important role in system testing. We propose an approach to test execution based on the operational semantics of the TTCN, and use this method for our testing system's construction. We applied our testing system to the testing of different OSI protocols and got some satisfying results

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0188229

IF: 3.7

2017-11-16

PLoS ONE

Abstract:Formal techniques have been devoted to analyzing whether network protocol specifications violate security policies; however, these methods cannot detect vulnerabilities in the implementations of the network protocols themselves. Symbolic execution can be used to analyze the paths of the network protocol implementations, but for stateful network protocols, it is difficult to reach the deep states of the protocol. This paper proposes a novel model-guided approach to detect vulnerabilities in network protocol implementations. Our method first abstracts a finite state machine (FSM) model, then utilizes the model to guide the symbolic execution. This approach achieves high coverage of both the code and the protocol states. The proposed method is implemented and applied to test numerous real-world network protocol implementations. The experimental results indicate that the proposed method is more effective than traditional fuzzing methods such as SPIKE at detecting vulnerabilities in the deep states of network protocol implementations.

Jinze Du,Rui Tang,Tao Feng

DOI: https://doi.org/10.3390/s22186792

IF: 3.9

2022-09-09

Sensors

Abstract:The combination of in-vehicle networks and smart car devices has gradually developed into Intelligent Connected Vehicles (ICVs). Through the vehicle security protocol, ICVs can quickly realize communication transmission. However, with the more frequent connections between smart in-vehicle devices and the network, the relationship between intelligent cars and external systems is becoming more and more complicated, and in-vehicle networks are gradually facing many security issues. Strengthening the security of in-vehicle protocols has become particularly important. This paper uses the model building method based on the Colored Petri Net (CPN) theory to model the Scalable service-Oriented MiddlewarE over IP (SOME/IP) protocol of the vehicle Ethernet. The security protocol is formally verified and analyzed by combining it with the Dolev–Yao adversary model detection method. After verification, the protocol is subject to three attack vulnerabilities: replay, tampering, and deception. We introduce timestamps and random numbers to strengthen the protocol security. After the final analysis and verification, the improved scheme in this paper can effectively improve the security performance of the protocol.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jiangyuan Yao,Zhiliang Wang,Xia Yin,Xingang Shi,Jianping Wu

DOI: https://doi.org/10.1109/ICCCN.2013.6614178

2013-01-01

Abstract:Current researches on model-based testing mainly focus on the single component model, such as FSM (Finite State Machine) and EFSM (Extended FSM). To model and test parallelism and concurrency among different protocol components, traditional CFSM (Communicating FSMs) models communication as asynchronous message exchange, which is not suitable for the scenario that parallel protocol components read shared variables from each other. We have developed Parallel Parameterized Extended Finite State Machine (PaP-EFSM) to handle this situation. In this paper, we present a hierarchical test generation approach for PaP-EFSMs based on reachability graphs. The combination of bottom-up reachability graph generation and top-down test sequence generation ensures the executability of the test sequences and alleviates state explosion. We apply this method to the conformance testing of SAVI, a real protocol for anti-spoofing of IP source addresses. We build a set of PaP-EFSMs for SAVI and derive the executable test sequences, which expose many implementation faults when applied to real devices from 4 different vendors.