Li Zhou,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.1109/icstw.2011.18

2011-01-01

Abstract:Protocol security testing is an important technique to ensure the security of communication protocols. However, methods considering both effective detection to specification vulnerabilities and efficient testing on protocol implementations are not well developed. In this paper, we present a general method for protocol security testing including protocol verification with SPIN model checker and protocol testing with formal testing language TTCN-3. We use threat model to model malicious entities and import the classification of information security to achieve a complete analysis of security requirements for protocol verification. We also develop a SPIN Trail to TTCN-3(st2ttcn) conversion tool to generate test cases automatically from counter examples obtained from model checking. As a case study, we apply our approach to the security testing of Source Address Validation Improvements (SAVI) protocol. We test two versions of SAVI-DHCP protocol. Security vulnerabilities have been found and tested in corresponding implementations.

Yuelei XIAO,Zhixiang ZHU,Yong ZHANG

DOI: https://doi.org/10.13682/j.issn.2095-6533.2015.05.003

2015-01-01

Abstract:By analyzing the process of security protocols,the definition of driving module (DM) is introduced,and then regular and penetrator DMs are formed according to the Strand Space Model (SSM).Based on this,a DM-based model checking method is proposed.Theoretical analysis indicates that this method is prefect in terms of searching breadth and depth,and can avoid the state space explosion problem.Therefore,this method can be used not only to get the attack scenarios of a flawed security protocol,but also to prove that an unflawed security protocol is secure.Moreover,the Otway-Rees protocol and the TLS protocol are analyzed based on this method.As a result,various attack scenarios of the Otway-Rees protocol are discovered and two secure improved Otway-Rees protocols are put forward,and therefore the TLS protocol is proved to be secure.

Josip Bozic,Lina Marsso,Radu Mateescu,Franz Wotawa

DOI: https://doi.org/10.4204/EPTCS.268.1

2018-03-28

Abstract:Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or because of intrinsic leaks in the system specification. Conformance testing checks whether a system behaves according to its specification. Here model-based testing provides several methods for automated detection of shortcomings. The formal specification of a system behavior represents the starting point of the testing process. In this paper, a widely used cryptographic protocol is specified and tested for conformance with a test execution framework. The first empirical results are presented and discussed.

Cryptography and Security,Software Engineering

Qin Li,Fan Yang,Huibiao Zhu,Longfei Zhu

DOI: https://doi.org/10.1109/csie.2009.64

2009-01-01

Abstract:Kerberos protocol is one of the popular security protocols used to authenticate the identities of the communication participants. The key distribution mechanism in this protocol is suitable for other secure applications. We formalize the protocol using CSP methods. Based on the formal model, the mechanism of the protocol is exposed to us clearly. Principles and tools support the verification of the formal model. In that way, we can prove that the system protected by the protocol is indeed secure as it declared. The reasons for security can be fixed out formally as a reference to analyzing other protocols.

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0186188

IF: 3.7

2017-10-19

PLoS ONE

Abstract:Network protocol vulnerability detection plays an important role in many domains, including protocol security analysis, application security, and network intrusion detection. In this study, by analyzing the general fuzzing method of network protocols, we propose a novel approach that combines network traffic analysis with the binary reverse engineering method. For network traffic analysis, the block-based protocol description language is introduced to construct test scripts, while the binary reverse engineering method employs the genetic algorithm with a fitness function designed to focus on code coverage. This combination leads to a substantial improvement in fuzz testing for network protocols. We build a prototype system and use it to test several real-world network protocol implementations. The experimental results show that the proposed approach detects vulnerabilities more efficiently and effectively than general fuzzing methods such as SPIKE.

Shu Xiao,Lijun Deng,Sheng Li,Xiangrong Wang

DOI: https://doi.org/10.1109/ICCNMC.2003.1243061

2003-01-01

Abstract:Many security holes stem from the defects in network protocol implementations. This paper presents an industry best practice of integrated TCP/IP network protocol testing that targets software robustness vulnerabilities. The deployed test system consists of a versatile test engine, a protocol data unit generator and a few auxiliary tools. The specially designed kernel test engine supporting IP/TCP/UDP as carrier protocols drives predefined fault-injected PDU (protocol data unit) to the network unit under test. Its novel callback mechanism and virtual network device connection capability cost-effectively enhance user controlled testing intelligence for verifying protocols with complicated state transitions. The PDU generator aims to provide a systematic solution for rapid test case creation, which is based on new strengthened BNF (Backus-Naur form) language for protocol specification mutation and fault injection. Established on this system, we propose an integrated industry test environment for network protocol code assessment. Initial experiments and case studies with multicast protocols unveiled several robustness violations, which have significant security impacts.

D Lee,DL Chen,RB Hao,RE Miller,JP Wu,X Yin

DOI: https://doi.org/10.1109/tnet.2006.872572

2006-01-01

Abstract:We study network protocol system monitoring for fault detection using a formal technique of passive testing that is a process of detecting system faults by passively observing its input/output behaviors without interrupting its normal operations. After describing a formal model of event-driven extended finite state machines, we present two algorithms for passive testing of protocol system control and data portions. Experimental results on OSPF and TCP are reported.

Y Lee,XY Chen,XQ Tong,JZ Luo

DOI: https://doi.org/10.1109/tencon.2002.1181249

2002-01-01

Abstract:The security of communication protocols needs to be considered in a distributed network system, and the formal analysis is one of most important methods in evaluating the security of a protocol. However there is a lack of effective formal analysis tools in analyzing the security of a protocol. In this paper we raise a formal logic used for analyzing security of a protocol, the Select Accept Dynamic Logic. and describe successfully the attack act to the communication protocols - the TMN (Tatebayashi et al. (1990)) protocol and the Needham-Schroeder (1978) protocol - with this logic. The Select Accept Dynamic Logic will provide a new effective tool for the analysis of protocols.

Shameng Wen,Qingkun Meng,Chao Feng,Chaojing Tang

DOI: https://doi.org/10.1371/journal.pone.0188229

IF: 3.7

2017-11-16

PLoS ONE

Abstract:Formal techniques have been devoted to analyzing whether network protocol specifications violate security policies; however, these methods cannot detect vulnerabilities in the implementations of the network protocols themselves. Symbolic execution can be used to analyze the paths of the network protocol implementations, but for stateful network protocols, it is difficult to reach the deep states of the protocol. This paper proposes a novel model-guided approach to detect vulnerabilities in network protocol implementations. Our method first abstracts a finite state machine (FSM) model, then utilizes the model to guide the symbolic execution. This approach achieves high coverage of both the code and the protocol states. The proposed method is implemented and applied to test numerous real-world network protocol implementations. The experimental results indicate that the proposed method is more effective than traditional fuzzing methods such as SPIKE at detecting vulnerabilities in the deep states of network protocol implementations.

LIU Hong-xia,ZHAO Bao-hua

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.04.009

2007-01-01

Abstract:Network security is playing an increasingly crucial role with the popularity of network and the development of society. This paper presents a distributed virtual testing system based on the techniques of protocol testing. To check the network security using the protocol implements. The protocol under study is the ARP. The study is based on a simple implementation and some experiments . Network Security Testing based on protocol implements is proved to be crucial and feasible.

Kaled Alshmrany,Lucas Cordeiro

DOI: https://doi.org/10.48550/arXiv.2001.09592

2020-01-27

Cryptography and Security

Abstract:Implementations of network protocols are often prone to vulnerabilities caused by developers' mistakes when accessing memory regions and dealing with arithmetic operations. Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem. The main reason is that the protocol software state-space is too large to be explored. Here we propose a novel verification approach that combines fuzzing with symbolic execution to verify intricate properties in network protocol implementations. We use fuzzing for an initial exploration of the network protocol, while symbolic execution explores both the program paths and protocol states, which were uncovered by fuzzing. From this combination, we automatically generate high-coverage test input packets for a network protocol implementation. We surveyed various approaches based on fuzzing and symbolic execution to understand how these techniques can be effectively combined and then choose a suitable tool to develop further our model on top of it. In our preliminary evaluation, we used ESBMC, Map2Check, and KLEE as software verifiers and SPIKE as fuzzer to check their suitability to verify our network protocol implementations. Our experimental results show that ESBMC can be further developed within our verification framework called \textit{FuSeBMC}, to efficiently and effectively detect intricate security vulnerabilities in network protocol implementations.

ZHUANG Qing,CAI Xiao-juan,DONG Xiao-ju,QI Zheng-wei

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.17.046

2008-01-01

Abstract:(Abstract)This paper describes a graphic verification tool for security protocol based on GSPM with formal methods. Linear Temporal Logic(LTL) is introduced to show the property of security protocol. This tool can find out the bug of security protocol using the model-checking method based on searching states. The simplified needham-schroeder public-key authentication protocol is used to exemplify the automatic verification process of security protocol with this tool, and results show the validity and correctness of the verification algorithm. (Key words)Linear Temporal Logic(LTL); security protocol; confidentiality; authentication

Prasad Narayana,Ruiming Chen,Yao Zhao,Yan Chen,Zhi Fu,Hai Zhou

DOI: https://doi.org/10.1109/npsec.2006.320346

2006-01-01

Abstract:IP security is designed to protect hosts from attack, but can itself provide a way to overwhelm the resources of a host. One such denial of service (DoS) attack involves sending incorrectly signed packets to a host, which then consumes substantial CPU ...

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

GU Chun-xiang,WANG Huan-xiao,ZHENG Yong-hui,XIN Dan,LIU Nan

DOI: https://doi.org/10.3969/j.issn.1000-436x.2014.11.013

2014-01-01

Abstract:A SAT-based security protocol formalization analysis method named SAT-LMC is proposed.The method introduces optimized the initial state and transformational rules with “lazy” idea.The efficiency of detection is significantly improved.Moreover，by adding support for strong type flaw attack defect，the attack detection becomes more comprehensive.A security protocol analysis tool is implemented based on the method; a type flaw attack is detected for protocol Otway-Rees.For OAuth2.0 protocol，analysis shows that there is a kind of man-in-the-middle attack of the authorization code in some application scenarios.

Meijian Li,Wang, Yongjun,Xie, Peidai,Zhijian Huang

DOI: https://doi.org/10.1049/cp.2014.0729

2014-01-01

Abstract:To maintain communications confidentiality, security protocols are widely used in more and more network applications. Moreover, some malwares even leverage these kinds of protocols to evade inspection by IDS. Most security protocols are designed and verified by formalized methods; however, observation shows that protocol implementations commonly contain flaws or vulnerabilities. Therefore, research on reverse engineering of security protocols can play an important role in improving the security of network applications, especially by providing another way to fight against malwares. Nevertheless, previous protocol reverse engineering technologies, which are based on analysis of network traces, encounter great challenges when the network messages transmitted between different protocol principals are encrypted. This paper proposes a taint analysis based method, which aims to infer the message format from dynamic execution of security protocol applications. The proposed approach is based on the observation that the process of message parsing in cryptographic protocol applications reveals rich information about the hierarchical structures and semantics of their messages. Hence, by observing calls to library function and instruction execution in network programs, the proposed approach can reverse derive large amount of information about their protocol, such as message format and protocol model, even the communication is encrypted. Experiments show that the reverse analysis results not only accurately identify message fields, but also unveil the structure of the encrypted message fields.

DL Chen,JP Wu,TI Chu

DOI: https://doi.org/10.1109/iccnmc.2003.1243103

2003-01-01

Abstract:We study passive testing on protocols to detect faults in network devices. An enhanced passive testing tool is developed using integer linear programming in determining the ranges of the variables. On-line pruning reveals the current configuration of the system and the transition covered. Network system monitoring is conducted in a formal and fine-granularity way.

Weiming Li,Meirong Ai,Bo Jin

DOI: https://doi.org/10.1007/978-3-319-42291-6_58

2016-01-01

Abstract:Automatic network protocol reverse engineering is very important for many network applications such as fuzz testing and intrusion detection. Since sequences alignment on network traces is limited by the lack of semantic information, recent researches focus on dynamic taint analysis. But current dynamic taint based methods need heuristics rules to handle different network protocols which make them too complex to run automatically and efficiently. Our approach is inspired by the observation that different fields of network protocol message are processed in different execution path of the binary application, while the bytes of same message field are processed by highly similar instructions sequence. After analyzing the similarity of dynamic taint propagation and adjusting boundaries according to keywords and separators, we can identify the field boundaries not only accurately but also fully automatically. Evaluated by real-world protocol implementations (FTP, HTTP, DNS, etc.), the result shows our method is more accurate and simpler than exist methods.

Wei Pan,Weihua Li

DOI: https://doi.org/10.1109/ispa.2009.73

2009-01-01

Abstract:In information era advocating ubiquitous computing, computing resources are susceptible to attack without guaranteeing security of network system. It is necessary and desirable for network system to employ powerful safeguard to protect itself against diversified vulnerabilities. In this paper, we present reverse analysis and vulnerability detection for network system software (RAVDNSS), a novel approach which uses reverse analysis and vulnerability detection technologies to deal with security problems on critical network system. Adaptive reverse analysis we propose is used to dig out potential vulnerabilities, which might be abused by unauthorized and unlawful communities. A new vulnerability detection model is designed to provide safety precautions through detecting vulnerabilities and monitoring program behaviors. Our investigation aims to improve the ability to guard network system against malicious attacks. The proposed schemes demonstrate that our approach can effectively perform security detection and management of network system software.

邵晨曦,胡香冬,熊焰,蒋凡

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.z1.044

2002-01-01

Abstract:In order to use the strong system verification technology model checking in the security property analysis of network protocols,formal modeling method is still the critical problem. In this paper, a modeling method based on a high-level process description language is presented According to the categorizing based on intruders' objectives and roles, we analyze the running mode of protocols from the point of view of the intruders, constructing individual process specification for each principal, then verify them using model checking tools. The analysis of the BAN-Yahalom protocol illustrates the feasibility of the approach. This approach has some generality, and provids a good reference for analysis of other network protocols.