
Formal Verification of AODV Protocol using Cadence SMV Xin Liu and Jun Wang (CPSC513 Course.


1 Formal Verification of AODV Protocol using Cadence SMV
Xin Liu and Jun Wang, liu@cs.ubc.ca, jwang@cs.ubc.ca (CPSC513 Course Project)

2 Outline
- Motivation
- AODV Introduction
- Building Model
- Conclusion

3 Motivation
- Find an appropriate approach to using Cadence SMV to verify real-life software communication protocols, such as AODV. The emphasis is on how to build the model.
- Find some bugs in the AODV protocol (RFC3561)? Hope we can …

4 AODV Introduction
- AODV (Ad hoc On-demand Distance Vector) Protocol: a reactive routing protocol for ad hoc mobile networks.
- IETF standardization for MANET: 13 Internet drafts, 1 experimental RFC, RFC3561 (July 2003).
- Important property: loop free.

5-7 AODV Introduction (cont.)
Example (figure): route discovery from A (originator) via B (intermediator) to C (destination). Routing-table columns: Dest Seq, Next Hop, Hop count. Message legend: RREQ carries dest_seq; RREP carries dest_seq, hop_count; RERR carries dest_seq. C's sequence number (Seq) is 0 throughout.
- Slide 5: all three routing tables are empty (---). The RREQ carries no known dest_seq (RREQ: -); C answers with RREP: 0, 0.
- Slide 6: B's table now holds the entry 0 / C / 1; B forwards RREP: 0, 1.
- Slide 7: A's table holds 0 / B / 2, B's holds 0 / C / 1, and C's remains empty.

8 Building Model
We have built 4 versions of the model. Some tricks in modeling (included in all the models):
- How to model a node: we do not model a node as a module; instead, we model each operation of a node as a module, such as route discovery, receiving a RREP, etc.
- Timeout: nondeterminism or a counter.
- Sequence number: it's too expensive to model it as infinite or 32 bits long. The solution is to use a small number (<3) plus a boundary value.
- Periodic Hello message: it's very hard to model a periodic message in SMV, so the solution is not to model it directly. Instead, we model link break as a process, which has the same effect as not receiving the periodic Hello message.
- Message loss: easy to model, but hard to make fair. The solution is to use fairness constraints if the property we are verifying is reachability. For the loop-free property, nondeterminism is fine.

9 Building Model – 1st Model
1st Model (naïve approach):
- Try to build a complete and general model.
Results:
- The 2-node model can work, but it consumes 300 ~ 400 MB of memory.
- The 3-node model: state explosion!

10 Building Model – 2nd Model
2nd Model:
- Every node has a specific role: originator, intermediator, or destination. Only the originator can initiate route discovery. Each node only maintains data related to its role.
- Enumerate the possible network topologies and model each meaningful topology separately.

11 Building Model – 2nd Model
Possible network topologies for 3 nodes (figure):
(a) Linear topology: originator – intermediator – destination
(b) Triangle topology: originator, intermediator and destination, each pair connected

12 Building Model – 2nd Model
Result:
- The result is “Great!”: we found 2 “bugs”, one found by the Linear model, the other by the Triangle model.

Model           Variables  Memory   Running Time
Linear Model    48         114 MB   4 minutes
Triangle Model  88         130 MB   4.5 minutes

- Are they really bugs? No, we found that we had increased the destination sequence number incorrectly in some situations.
- We should be more careful in modeling the protocol, but we think that RFC3561 is not organized very well and is not written clearly.

13 Building Model – 3rd Model
3rd Model:
- First, fix the mistakes in the 2nd Model.
- Minimize the number of variables further: we get rid of variables that can be derived from other variables.
- Besides 3 nodes, also consider the possible network topologies for 4 nodes, and model each meaningful topology separately.

14 Building Model – 3rd Model
Possible network topologies for 4 nodes (figure): Star, Umbrella, Linear, Diamond, Complete, Camel.

15 Building Model – 3rd Model
We modeled the star and umbrella topologies for 4 nodes. Result:
- The 3-node models can work.
- The 4-node star topology can work: it has 98 variables, consumes 45 MB of memory, and runs for 2 minutes.
- But the 4-node umbrella topology cannot work. It is not state explosion; instead, whenever it consumes 600+ MB of memory, SMV crashes!
- The verification result: “Loop free”.

16 Building Model – 4th Model
Is AODV really loop free? What else can we do? During model construction we made abstractions; lots of details were not considered or modeled. Looking at RFC3561 more carefully, we found this sentence: “A node initiates a RERR message in three situations: (i) … (ii) if it gets a data packet destined to a node for which it does not have an active route … (iii) …” We decided to add the data packet to our model.

17 Building Model – 4th Model
4th Model:
- Add the data packet to the model.
Results:
- The 3-node triangle model found a bug. Great!!!
- We double-checked RFC3561, and we think that it is a real bug!

18-25 Building Model – 4th Model
The bug we found (figure; triangle topology: A originator, B intermediator, C destination). Routing-table columns: Dest Seq, flag, Next Hop, Hop count; only A's and B's entries for destination C are shown. Message legend: RREQ carries dest_seq; RREP carries dest_seq, hop_count; RERR carries dest_seq.
- Slide 18: A: 0 / valid / B / 2; B: 0 / valid / C / 1; C's Seq: 0. The link B–C breaks (X). B starts a local repair; its RREQ: 1 is lost.
- Slide 19: repair timeout. B's entry becomes 1 / invalid / - / -. RERR: 0 is lost. A still holds 0 / valid / B / 2.
- Slide 20: RREQ: 1 is sent.
- Slide 21: a data packet is sent; C's Seq becomes 1 and C answers with RREP: 1, 0.
- Slide 22: A: 1 / valid / C / 1; RREP: 1, 1 is forwarded and RERR: 1 is sent. B: 1 / invalid / - / -.
- Slide 23: A: 1 / invalid / - / -; B: 1 / valid / A / 2.
- Slide 24: the link A–C also breaks (X). RREQ: 1 is sent and answered with RREP: 1, 2.
- Slide 25: A: 1 / valid / B / 3; B: 1 / valid / A / 2. A's next hop for C is B and B's next hop is A: a routing loop.
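As an added example (not the authors' SMV model or any code from the slides), the loop-freedom invariant the model checker evaluates, written in Python and run over a constructed trace of the routing-table states shown on slides 18 to 25; the tuple layout and the trace itself are assumptions made for this example.

```python
# Added example (not the authors' SMV model): the loop-freedom invariant
# for AODV routing tables, checked over a constructed trace that follows
# the routing-table states shown on slides 18 to 25.
from typing import Dict, List, Optional, Tuple

# A route entry: (dest_seq, valid, next_hop, hop_count); None = no entry.
Entry = Tuple[int, bool, Optional[str], Optional[int]]
Tables = Dict[str, Optional[Entry]]   # node -> its entry for destination C


def next_hop_chain(tables: Tables, start: str, dest: str) -> Tuple[List[str], bool]:
    """Follow valid next-hop entries from `start` toward `dest`; return the
    visited path and whether following the entries revisited a node."""
    path = [start]
    node = start
    while node != dest:
        entry = tables.get(node)
        if entry is None or not entry[1]:       # no route / invalid: path ends
            return path, False
        node = entry[2]
        if node in path:                        # revisited a node: loop
            return path + [node], True
        path.append(node)
    return path, False


def is_loop_free(tables: Tables, dest: str) -> bool:
    """Loop-free invariant: from no node does following next hops cycle."""
    return not any(next_hop_chain(tables, n, dest)[1] for n in tables)


# Constructed trace (destination C). B's entry is repaired, invalidated and
# re-learned from A; A's entry is re-learned from C and then from B.
TRACE = [
    {"A": (0, True, "B", 2), "B": (0, True, "C", 1)},        # slide 18
    {"A": (0, True, "B", 2), "B": (1, False, None, None)},   # slides 19-21
    {"A": (1, True, "C", 1), "B": (1, False, None, None)},   # slide 22
    {"A": (1, False, None, None), "B": (1, True, "A", 2)},   # slides 23-24
    {"A": (1, True, "B", 3), "B": (1, True, "A", 2)},        # slide 25
]


def first_violation(trace, dest: str = "C") -> Optional[int]:
    """Index of the first state violating loop freedom, or None if all hold."""
    for i, tables in enumerate(trace):
        if not is_loop_free(tables, dest):
            return i
    return None
```

In the model checker this check is the invariant over every reachable state; here it is applied to the one counterexample path, and the violation appears only at the last state, where both entries carry the same dest_seq (1) and point at each other.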

26 Conclusion
- We found an appropriate approach to using SMV to verify the AODV protocol: model separately for each role and for each possible network topology.
- We found a bug in the current AODV protocol.
- We think SMV is not a suitable tool for verifying communication protocols; it is more suitable for verifying hardware systems.
- To verify real-life communication protocols, you need a very powerful machine; our suggestion is to try to find a Mainframe …

27 References
1. RFC3561, http://www.faqs.org/rfcs/rfc3561.html
2. Cadence SMV documentation
3. K. Bhargavan, D. Obradovic, C. A. Gunter, Formal Verification of Standards for Distance Vector Routing Protocols, JACM, Volume 49, Issue 4, July 2002.
4. Sibusisiwe Chiyangwa, Marta Kwiatkowska, Modeling Ad hoc On-demand Distance Vector (AODV) Protocol with Time Automata, in Proc. Third Workshop on Automated Verification of Critical Systems (AVoCS'03), Southampton, April 2003.
5. …

28 Formal Verification of AODV Protocol using Cadence SMV
Thanks!
Created by Xin Liu and Jun Wang, April 3, 2004

