HACNet
Simulation-based Validation of Security Protocols
Vinay Venkataraghavan
Advisors: S.Nair, P.-M. Seidel
HACNet Lab
Computer Science and Engineering Department
{venkatra, Nair, Seidel}@engr.smu.edu
HACNet
Security Protocols: Properties and Services
SecurityProtocols
Authentication Non-repudiationConfidentiality Integrity
Security Protocols contain subtle designand implementation flaws
Results in incorrectexecution
System is vulnerable tovarious attacks
HACNet
Problems and flaws in Security Protocols
SecurityProtocol Flaws
ElementaryProtocol Flaws
Password/Keyguessing flaws
Stale messageflaws
Parallel Sessionflaws
Internal Protocolflaws
Cryptosystemflaws
Occur in protocols that have no protectionagainst adversary attacks
A protocol entity fails to complete all requisiteactions
Adversary gains information by exchangingsuitable protocol messages
Using old session messages for replayattacks
Choose passwords form a small set ofwords
System satisfies properties but exhibitsadditional properties that sacrifice confidentiality
and authenticaton
HACNet
The need for Verification and Validation
Flaws in security protocols need to be detected and correctedin order to maintain reliability.
Verification and validation required in order to detect subtleflaws in protocols.
Need for V&Vclassified as follows
Flaws in functional specification. Theare contained in the high level
specifications.
Implementation dependent flaws.Occur in some implementations
and not others.
Implementation Flaws. These manifestwhen a correct specification is
incorrectly implemented.
Verification and validation involves the systematic analyses ofprotocols in order to verify properties and detect errors.
HACNet
Hierarchy and Stages in Validation and Verification
Errorsintroduced
Errorsintroduced
Formalspecificatons
Simulation/Validation
Programmers
Implementation
InformalSpecifications
Hierarchy of verification andvalidation techniques
Modal LogicSystems
Systems basedon process
algebras
State machinebased
systems
Simulation basedtechniques
Protocol Specification
Protocol Implementation
HACNet
Formal Verification
• Specification language used to represent entities, actions, and events.
• Properties to be checked are represented as CTL or LTL formulas.
• Model checker checks the state space to prove the validity of properties.
• Approach models belief’s held by entities, and ensures they are not violated.
• The protocol is represented as a finite automata. The model checker, verifies if the language representing the property is accepted.
Formal verification and methods involves the mathematicalanalysis of systems in order to verify correctness.
HACNet
Complexity, Problems and drawbacks of Formal Verification
State space growsexponentially in the
number ofprocesses and
variables
State explosion problem amelioratedthrough reduction techniques and by
imposing various constraints.
Simplifying abstractions and assumption at a very high level results in incompleteverification. The types of attacks and flaws detected are highly restricted.
Real world timing cannot be represented. Time can only be modeled aseventuality, or occurrence. Communication and security protocols require precise
timing constraints.
Logics to specify, represent the protocol and properties, are very complicated,non-intuitive and tedious.
HACNet
Simulation-based Approach
• Automated approach to validation.
• Protocol modeled, as a set of asynchronous communicating Finite State Machines.
• Each entity tracks its knowledge in terms of keys,
nonces and message types. • Finite number of states,
requiring a finite number of
runs.
• Protocol traces are simulated in order to check for property violations.
• A trace of the incorrect execution is generated if it
exists. • Unlike systems based on logics,
do not have to interpret belief’s
about each message.
HACNet
Advantages of simulation
• Reflects a strong correspondence with the specification.
• Accurately represents
implementation semantics. • Efficiently represents delay,
link failure, error etc.
• Captures the notion of time precisely.
• Intruder can be modeled as required.
• Easily check properties such as confidentiality, authentication, and integrity.
• Simulation better suited for
large protocols.
• More intuitive for verifying properties.
HACNet
Architectural Model
Protocol Validator
Intruder models
Algorithms-State space exploration- guiding algorithms- error detection algorithms- validation algorithm
FSM representation of Processes Validation algorithm
Protocol implementation based abstractions
Simulator
Guide simulation
Protocol execution
Approach:-Simulate the model based upon the FSM representation by applying the validation method- Report anomalous execution traces, errors, flaws etc.
SpecificationImplementation Attack model
Execution flaws, errors
HACNet
Modeling Security Properties
IDI, KPI, KAI, Messages-I
Initiator
IDR, KAA, KPA, Messages-A
Intruder Responder
IDA, KPR, KAR, Messages-R
Confidentiality: During simulation the intruder can never learn the private keys of the initiator or responder.
Channel
Authentication: The meta channel within the Meta Authentication framework will be used to verify authentication properties.*
Meta Channel
Timing : Timing properties may be checked by the use of scheduled interrupts, and delay specification models.
* Meta Authentication framework is designed by our group for the verification of authentication protocols and properties.
HACNet
Intruder model capabilities
• Randomly initiates attacks during protocol execution.
• Very powerful tool in detecting attack traces.
• Combine with an attack model to target the specific faults and property violations.
HACNet
Attacks
• Needham Schroeder Public Key Protocol
• Oracle attack
• Parallel attack
• Replay attack
Initiator Intruder Responder
Oracle Attack
HACNet
Results and Conclusion
• Protocol developed and simulated in OPNET.
• 140 runs were made, with intruder conducting random attacks.
• All the attacks were detected and various properties demonstrated.
• Configuration demonstrated was free of flaws.
• Simulation is a valuable approach for protocol validation.
• It is not guaranteed to detect errors.
• Need to run simulations for incrementally longer durations, with different attack models.
• Need to propose a guiding algorithm in detecting error states.
• Intuitive and simpler method to security protocol validation.
RESULTS CONCLUSIONS
HACNet
Future Work
Top Related