陈涛,潘雪增,陈健,陈小平,陆魁军

DOI: https://doi.org/10.3778/j.issn.1002-8331.2010.06.017

2010-01-01

Abstract:In the field of communication protocol conformance test,how to generate test sequences which satisfy the requirements is one of hot research.Due to the generated test sequences aren’t simple and efficient enough,after introducing FSM which is the main formal model of communication protocol,this paper first studys test sequence generation algorithm based on UIO,and then improves the original algorithm.Test sequences generated by the improved algorithm have higher fault coverage,and the length of test sequences has been shortened.

Steve Kremer,Max Ammann,L. Hirschi

DOI: https://doi.org/10.1109/SP54263.2024.00096

2024-05-19

Abstract:Critical and widely used cryptographic protocols have repeatedly been found to contain flaws in their design and their implementation. A prominent class of such vulnerabilities is logical attacks, e.g. attacks that exploit flawed protocol logic. Automated formal verification methods, based on the Dolev-Yao (DY) attacker, formally define and excel at finding such flaws, but operate only on abstract specification models. Fully automated verification of existing protocol implementations is today still out of reach. This leaves open whether such implementations are secure. Unfortunately, this blind spot hides numerous attacks, such as recent logical attacks on widely used TLS implementations introduced by implementation bugs.We answer by proposing a novel and effective technique that we call DY model-guided fuzzing, which precludes logical attacks against protocol implementations. The main idea is to consider as possible test cases the set of abstract DY executions of the DY attacker, and use a novel mutation-based fuzzer to explore this set. The DY fuzzer concretizes each abstract execution to test it on the program under test. This approach enables reasoning at a more structural and security-related level of messages represented as formal terms (e.g. decrypt a message and re-encrypt it with a different key) as opposed to random bit-level modifications that are much less likely to produce relevant logical adversarial behaviors. We implement a full-fledged and modular DY protocol fuzzer. We demonstrate its effectiveness by fuzzing three popular TLS implementations, resulting in the discovery of four novel vulnerabilities.

Computer Science

Josip Bozic,Lina Marsso,Radu Mateescu,Franz Wotawa

DOI: https://doi.org/10.4204/EPTCS.268.1

2018-03-28

Abstract:Testing of network services represents one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots in the software development cycle or because of intrinsic leaks in the system specification. Conformance testing checks whether a system behaves according to its specification. Here model-based testing provides several methods for automated detection of shortcomings. The formal specification of a system behavior represents the starting point of the testing process. In this paper, a widely used cryptographic protocol is specified and tested for conformance with a test execution framework. The first empirical results are presented and discussed.

Cryptography and Security,Software Engineering

Ting Shu,Shouqian Sun,HaiNing Wang

DOI: https://doi.org/10.1109/CAIDCD.2009.5374861

2009-01-01

Abstract:The existence of predicate and conditional statements of the protocol transition specified in EFSM model results in the generation of infeasible State Identification Sequence using traditional methods. Thus, how to automatically generate executable State Identification Sequences, in an efficient and effective way, becomes the critical issue for protocol conformance testing. In this paper, we present a novel method of executable state identification sequence generation used to preferably solve the executability problem of state identification sequences. Specifically, in terms of an executable analysis tree (EAT), the proposed method can ensure the executability of the generated state identification sequence. In a specific state identification scene, we can use a state projection subspace to simplify, the state identification work. At last, an example was performed to show that the new method is how to work effectively.

Gao Xiang,Wang Xin

DOI: https://doi.org/10.13382/j.jemi.2007.02.022

2007-01-01

JOURNAL OF ELECTRONIC MEASUREMENT AND INSTRUMENT

Abstract:Automatic generation of test sequences is an important issue in conformance testing of communication protocols. The optimal-length test sequences with high fault coverage are of great importance in enhancing the efficiency of the whole testing system. This paper presents a new approach for generating test sequences automatically. In this approach, a mathematical module-FSM state graph for communication protocol is specified by incidence matrix; the concept of linear programming is introduced; symmetrical FSM graph is obtained by utilizing integer linear programming renovation, and finally the shortest traversal sequences are obtained by utilizing the Chinese Postman Traversal Algorithm. The UIO sequence for the initial state in the Euler loop or for the tail state in the Euler path is used as the checking sequence for the tail state of each transition. It is proved that this approach has feasibility and superiority .

David Basin,Cas Cremers

DOI: https://doi.org/10.1007/978-3-642-15205-4_1

2010-01-01

Abstract:We present a symbolic framework, based on a modular operational semantics, for formalizing different notions of compromise relevant for the analysis of cryptographic protocols. The framework’s rules can be combined in different ways to specify different adversary capabilities, capturing different practically-relevant notions of key and state compromise. We have extended an existing security-protocol analysis tool, Scyther, with our adversary models. This is the first tool that systematically supports notions such as weak perfect forward secrecy, key compromise impersonation, and adversaries capable of state-reveal queries. We also introduce the concept of a protocol-security hierarchy, which classifies the relative strength of protocols against different forms of compromise. In case studies, we use Scyther to automatically construct protocol-security hierarchies that refine and correct relationships between protocols previously reported in the cryptographic literature.

RB Hao,JP Wu,ML Shi

DOI: https://doi.org/10.1109/icct.1996.545163

1996-01-01

Abstract:Protocol conformance testing is the basic facility to ensure the interoperability between protocol implementations. It demands formal methods in protocol conformance testing for various protocols and testing methods. This paper gives an introduction of basic concepts and techniques of protocol conformance testing, and then an analysis of the application of formal methods in this field. We mainly focus our attention on test execution methods, which play an important role in system testing. We propose an approach to test execution based on the operational semantics of the TTCN, and use this method for our testing system's construction. We applied our testing system to the testing of different OSI protocols and got some satisfying results

Yahui Yang,Yunfei Chen,Min Xia,Juan Ma

DOI: https://doi.org/10.1109/IAS.2009.224

2009-01-01

Abstract:Aiming at automated security test on communication protocols, this paper proposes an automated manipulation mechanism of testing procedure based on FSM (Finite State Machine), and designs an automated packet generation mechanism based on a protocol template library. The practical experiments and applications show that the automated security testing platform of communication protocols based on this mechanism can implement the correct evaluations, be convenient to construct the testing procedure, generate automatically test packet sequence and have smaller packet control granularity. It can be used for the systematic and efficient infiltrative security test.

Xin Qin,Navid Hashemi,Lars Lindemann,Jyotirmoy V. Deshmukh

2023-08-12

Abstract:Conformance is defined as a measure of distance between the behaviors of two dynamical systems. The notion of conformance can accelerate system design when models of varying fidelities are available on which analysis and control design can be done more efficiently. Ultimately, conformance can capture distance between design models and their real implementations and thus aid in robust system design. In this paper, we are interested in the conformance of stochastic dynamical systems. We argue that probabilistic reasoning over the distribution of distances between model trajectories is a good measure for stochastic conformance. Additionally, we propose the non-conformance risk to reason about the risk of stochastic systems not being conformant. We show that both notions have the desirable transference property, meaning that conformant systems satisfy similar system specifications, i.e., if the first model satisfies a desirable specification, the second model will satisfy (nearly) the same specification. Lastly, we propose how stochastic conformance and the non-conformance risk can be estimated from data using statistical tools such as conformal prediction. We present empirical evaluations of our method on an F-16 aircraft, an autonomous vehicle, a spacecraft, and Dubin's vehicle.

Systems and Control

Xingang Shi,Jianping Wu

2004-01-01

Abstract:testing istheprocedure toverify whether protocol implementations conform totheir specifications. In thispaper,we propose a traversal probability based conformance testing method -TPBT,whichcanbeusedtotest protocols specified ascommunicating finite statemachines (CFSM)efficiently. Infact, TPBT isa randomwalkbased adaptive method, whichaimstotraverse alltransitions in component machines insteps asfewaspossible. We apply itto twoexample CFSMmodels, andtheresults showthat itachieves better performance thanotherrandomwalkbasedadaptive methods. Applying TPBT totheMobileIPv6protocol, all component machines' transitions aretraversed within about 600 steps, forwhichpre-generated testcasesaretedious longand error-prone.

Vincent Cheval,Steve Kremer,Itsaka Rakotonirina

DOI: https://doi.org/10.46298/theoretics.24.4

2024-03-12

Abstract:Automated verification has become an essential part in the security evaluation of cryptographic protocols. In this context privacy-type properties are often modelled by indistinguishability statements, expressed as behavioural equivalences in a process calculus. In this paper we contribute both to the theory and practice of this verification problem. We establish new complexity results for static equivalence, trace equivalence and labelled bisimilarity and provide a decision procedure for these equivalences in the case of a bounded number of protocol sessions. Our procedure is the first to decide trace equivalence and labelled bisimilarity exactly for a large variety of cryptographic primitives -- those that can be represented by a subterm convergent destructor rewrite system. We also implemented the procedure in a new tool, DeepSec. We showed through extensive experiments that it is significantly more efficient than other similar tools, while at the same time raises the scope of the protocols that can be analysed.

Cryptography and Security

Haiyang Wei,Zhengjie Du,Haohui Huang,Yue Liu,Guang Cheng,Linzhang Wang,Bing Mao

2024-06-14

Abstract:State machines play a pivotal role in augmenting the efficacy of protocol analyzing to unveil more vulnerabilities. However, the task of inferring state machines from network protocol implementations presents significant challenges. Traditional methods based on dynamic analysis often overlook crucial state transitions due to limited coverage, while static analysis faces difficulties with complex code structures and behaviors. To address these limitations, we propose an innovative state machine inference approach powered by Large Language Models (LLMs). Utilizing text-embedding technology, this method allows LLMs to dissect and analyze the intricacies of protocol implementation code. Through targeted prompt engineering, we systematically identify and infer the underlying state machines. Our evaluation across six protocol implementations demonstrates the method's high efficacy, achieving an accuracy rate exceeding 90% and successfully delineating differences on state machines among various implementations of the same protocol. Importantly, integrating this approach with protocol fuzzing has notably enhanced AFLNet's code coverage by 10% over RFCNLP, showcasing the considerable potential of LLMs in advancing network protocol security analysis. Our proposed method not only marks a significant step forward in accurate state machine inference but also opens new avenues for improving the security and reliability of protocol implementations.

Cryptography and Security

Haiyang Wei,Zhengjie Du,Haohui Huang,Yue Liu,Guang Cheng,Linzhang Wang,Bing Mao

DOI: https://doi.org/10.48550/arxiv.2405.00393

2024-01-01

Abstract:State machines play a pivotal role in augmenting the efficacy of protocolanalyzing to unveil more vulnerabilities. However, the task of inferring statemachines from network protocol implementations presents significant challenges.Traditional methods based on dynamic analysis often overlook crucial statetransitions due to limited coverage, while static analysis faces difficultieswith complex code structures and behaviors. To address these limitations, wepropose an innovative state machine inference approach powered by LargeLanguage Models (LLMs). Utilizing text-embedding technology, this method allowsLLMs to dissect and analyze the intricacies of protocol implementation code.Through targeted prompt engineering, we systematically identify and infer theunderlying state machines. Our evaluation across six protocol implementationsdemonstrates the method's high efficacy, achieving an accuracy rate exceeding90implementations of the same protocol. Importantly, integrating this approachwith protocol fuzzing has notably enhanced AFLNet's code coverage by 10RFCNLP, showcasing the considerable potential of LLMs in advancing networkprotocol security analysis. Our proposed method not only marks a significantstep forward in accurate state machine inference but also opens new avenues forimproving the security and reliability of protocol implementations.

Zhiliang Wang,Jianping Wu,Xia Yin

2004-01-01

Abstract:Protocol interoperability testing is an important complement of conformance testing to ensure the quality of implementations of network communication protocols. In this paper, we present a generic formal framework of interoperability test sequence generation considering distributed test architecture. We firstly give an extended CFSM model, which represents each component machine as a multi-port FSM, to specify system under test conveniently. In the framework, the first step is to generate the centralized test sequence using reachability analysis approach; Then suitable distributed test architecture should be selected; After that, we discuss the controllability and observability problems in interoperability testing. In order to solve these problems, we present a formal algorithm to generate synchronizable interoperability test sequence. An example is given to illustrate this formal framework.

Qingkai Shi,Xiangzhe Xu,Xiangyu Zhang

2024-07-01

Abstract:Reverse engineering of protocol message formats is critical for many security applications. Mainstream techniques use dynamic analysis and inherit its low-coverage problem -- the inferred message formats only reflect the features of their inputs. To achieve high coverage, we choose to use static analysis to infer message formats from the implementation of protocol parsers. In this work, we focus on a class of extremely challenging protocols whose formats are described via constraint-enhanced regular expressions and parsed using finite-state machines. Such state machines are often implemented as complicated parsing loops, which are inherently difficult to analyze via conventional static analysis. Our new technique extracts a state machine by regarding each loop iteration as a state and the dependency between loop iterations as state transitions. To achieve high, i.e., path-sensitive, precision but avoid path explosion, the analysis is controlled to merge as many paths as possible based on carefully-designed rules. The evaluation results show that we can infer a state machine and, thus, the message formats, in five minutes with over 90% precision and recall, far better than state of the art. We also applied the state machines to enhance protocol fuzzers, which are improved by 20% to 230% in terms of coverage and detect ten more zero-days compared to baselines.

Cryptography and Security,Programming Languages,Software Engineering

TUAN Bo,LI Jin,SUN Hai-bo,YANG Pan-long

2008-01-01

Abstract:Some test generation methods were presented based on the concept of the protocol conformance testing.Most attention was paid to the model based on FSM,and also such other models as EFSM and DFSM.The important theories and limitations in each method were pre- sented.Finally further problems to be studied in this field and the development trends were pointed out.

Fides Aarts,Harco Kuppens,Jan Tretmans,Frits Vaandrager,Sicco Verwer

DOI: https://doi.org/10.1007/s10994-013-5405-0

IF: 5.414

2013-10-03

Machine Learning

Abstract:Using a well-known industrial case study from the verification literature, the bounded retransmission protocol, we show how active learning can be used to establish the correctness of protocol implementation I relative to a given reference implementation R. Using active learning, we learn a model MR of reference implementation R, which serves as input for a model-based testing tool that checks conformance of implementation I to MR. In addition, we also explore an alternative approach in which we learn a model MI of implementation I, which is compared to model MR using an equivalence checker. Our work uses a unique combination of software tools for model construction (Uppaal), active learning (LearnLib, Tomte), model-based testing (JTorX, TorXakis) and verification (CADP, MRMC). We show how these tools can be used for learning models of and revealing errors in implementations, present the new notion of a conformance oracle, and demonstrate how conformance oracles can be used to speed up conformance checking.

computer science, artificial intelligence

Kentaro Ohno,Misato Nakabayashi

2023-04-26

Abstract:We propose a security verification framework for cryptographic protocols using machine learning. In recent years, as cryptographic protocols have become more complex, research on automatic verification techniques has been focused on. The main technique is formal verification. However, the formal verification has two problems: it requires a large amount of computational time and does not guarantee decidability. We propose a method that allows security verification with computational time on the order of linear with respect to the size of the protocol using machine learning. In training machine learning models for security verification of cryptographic protocols, a sufficient amount of data, i.e., a set of protocol data with security labels, is difficult to collect from academic papers and other sources. To overcome this issue, we propose a way to create arbitrarily large datasets by automatically generating random protocols and assigning security labels to them using formal verification tools. Furthermore, to exploit structural features of protocols, we construct a neural network that processes a protocol along its series and tree structures. We evaluate the proposed method by applying it to verification of practical cryptographic protocols.

Cryptography and Security,Machine Learning

Dexi Wang,Yu Jiang,Houbing Song,Fei He,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/access.2017.2697918

IF: 3.9

2017-01-01

IEEE Access

Abstract:Cryptographic hash functions have become the basis of modern network computing for identity authorization and secure computing; protocol consistency of cryptographic hash functions is one of the most important properties that affect the security and correctness of cryptographic implementations, and protocol consistency should be well proven before being applied in practice. Software verification has seen substantial application in safety-critical areas and has shown the ability to deliver better quality assurance for modern software; thus, applying software verification to a protocol consistency proof for cryptographic hash functions is a reasonable approach to prove their correctness. Verification of protocol consistency of cryptographic hash functions includes modeling of the cryptographic protocol and program analysis of the cryptographic implementation; these require a dedicated cryptographic implementation model that preserves the semantics of the code, efficient analysis of cryptographic operations on arrays and bits, and the ability to verify large-scale implementations. In this paper, we propose a fully automatic software verification framework, VeriHash, that brings software verification to protocol consistency proofs for cryptographic hash function implementations. It solves the above challenges by introducing a novel cryptographic model design for modeling the semantics of cryptographic hash function implementations, extended array theories for analysis of operations, and compositional verification for scalability. We evaluated our verification framework on two SHA-3 cryptographic hash function implementations: the winner of the NIST SHA-3 competition, Keccack; and an open-source hash program, RHash. We successfully verified the core parts of the two implementations and reproduced a bug in the published edition of RHash.

Robert Sachtleben,Jan Peleska

DOI: https://doi.org/10.48550/arXiv.2106.14284

2021-06-28

Abstract:For partial, nondeterministic, finite state machines, a new conformance relation called strong reduction is presented. It complements other existing conformance relations in the sense that the new relation is well-suited for model-based testing of systems whose inputs are enabled or disabled, depending on the actual system state. Examples of such systems are graphical user interfaces and systems with interfaces that can be enabled or disabled in a mechanical way. We present a new test generation algorithm producing complete test suites for strong reduction. The suites are executed according to the grey-box testing paradigm: it is assumed that the state-dependent sets of enabled inputs can be identified during test execution, while the implementation states remain hidden, as in black-box testing. It is shown that this grey-box information is exploited by the generation algorithm in such a way that the resulting best-case test suite size is only linear in the state space size of the reference model. Moreover, examples show that this may lead to significant reductions of test suite size in comparison to true black-box testing for strong reduction.

Software Engineering