Presentation is loading. Please wait.

Presentation is loading. Please wait.

HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering.

Published byRalf Powell Modified over 8 years ago

Similar presentations

Presentation on theme: "HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering."— Presentation transcript:

1 HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering Department {venkatra, Nair, Seidel}@engr.smu.edu

2 HACNet Security Protocols: Properties and Services

3 HACNet Problems and flaws in Security Protocols

4 HACNet The need for Verification and Validation Verification and validation involves the systematic analyses of protocols in order to verify properties and detect errors.

5 HACNet Hierarchy and Stages in Validation and Verification

6 HACNet Formal Verification Specification language used to represent entities, actions, and events. Properties to be checked are represented as CTL or LTL formulas. Model checker checks the state space to prove the validity of properties. Approach models belief’s held by entities, and ensures they are not violated. The protocol is represented as a finite automata. The model checker, verifies if the language representing the property is accepted. Formal verification and methods involves the mathematical analysis of systems in order to verify correctness.

7 HACNet Complexity, Problems and drawbacks of Formal Verification

8 HACNet Simulation-based Approach Automated approach to validation. Protocol modeled, as a set of asynchronous communicating Finite State Machines. Each entity tracks its knowledge in terms of keys, nonces and message types. Finite number of states, requiring a finite number of runs. Protocol traces are simulated in order to check for property violations. A trace of the incorrect execution is generated if it exists. Unlike systems based on logics, do not have to interpret belief’s about each message.

9 HACNet Advantages of simulation Reflects a strong correspondence with the specification. Accurately represents implementation semantics. Efficiently represents delay, link failure, error etc. Captures the notion of time precisely. Intruder can be modeled as required. Easily check properties such as confidentiality, authentication, and integrity. Simulation better suited for large protocols. More intuitive for verifying properties.

10 HACNet Architectural Model Protocol Validator Intruder models Algorithms -State space exploration - guiding algorithms - error detection algorithms - validation algorithm FSM representation of Processes Validation algorithm Protocol implementation based abstractions Simulator Guide simulation Protocol execution Approach: -Simulate the model based upon the FSM representation by applying the validation method - Report anomalous execution traces, errors, flaws etc. Specification Implementation Attack model Execution flaws, errors

11 HACNet Modeling Security Properties IDI, KPI, KAI, Messages-I Initiator IDR, KAA, KPA, Messages-A Intruder Responder IDA, KPR, KAR, Messages-R Confidentiality: During simulation the intruder can never learn the private keys of the initiator or responder. Channel Authentication: The meta channel within the Meta Authentication framework will be used to verify authentication properties. * Meta Channel Timing : Timing properties may be checked by the use of scheduled interrupts, and delay specification models. * Meta Authentication framework is designed by our group for the verification of authentication protocols and properties.

12 HACNet Intruder model capabilities Randomly initiates attacks during protocol execution. Very powerful tool in detecting attack traces. Combine with an attack model to target the specific faults and property violations.

13 HACNet Attacks Needham Schroeder Public Key Protocol Oracle attack Parallel attack Replay attack

14 HACNet Results and Conclusion Protocol developed and simulated in OPNET. 140 runs were made, with intruder conducting random attacks. All the attacks were detected and various properties demonstrated. Configuration demonstrated was free of flaws. Simulation is a valuable approach for protocol validation. It is not guaranteed to detect errors. Need to run simulations for incrementally longer durations, with different attack models. Need to propose a guiding algorithm in detecting error states. Intuitive and simpler method to security protocol validation. RESULTSCONCLUSIONS

15 HACNet Future Work

Download ppt "HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering."

Similar presentations

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
University of Twente The Netherlands Centre for Telematics and Information Technology Constraint Logic Programming for Verifying Security Protocols Sandro.

University of Twente The Netherlands Centre for Telematics and Information Technology Constraint Logic Programming for Verifying Security Protocols Sandro.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.
Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.

Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Software Testing and Quality Assurance

Software Testing and Quality Assurance
Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )

Asynchronous Consensus (Some Slides borrowed from ppt on Web.(by Ken Birman) )
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.

Testing Implementations of Access Control and Authentication Graduate Students: Ammar Masood, K. Jayaram School of Electrical and Computer Engineering.
Model-based Analysis of Distributed Real-time Embedded System Composition Gabor Madl Sherif Abdelwahed

Model-based Analysis of Distributed Real-time Embedded System Composition Gabor Madl Sherif Abdelwahed
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli

November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 26 Manajemen Jaringan dan Network Security Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.
1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.

1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.

Similar presentations

Ads by Google