
HACNet Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering Department {venkatra, Nair,

HACNet Security Protocols: Properties and Services

HACNet Problems and flaws in Security Protocols

HACNet The need for Verification and Validation Verification and validation involve the systematic analysis of a protocol in order to establish that it satisfies its intended properties and to detect errors before deployment.

HACNet Hierarchy and Stages in Validation and Verification

HACNet Formal Verification
Formal verification is the mathematical analysis of a system in order to establish its correctness.
- A specification language is used to represent the entities, actions and events of the protocol.
- The properties to be checked are expressed as CTL or LTL formulas.
- The protocol is represented as a finite automaton; the model checker explores its state space and checks whether the language representing the property is accepted, thereby proving or refuting each property.
- Belief-logic approaches instead model the beliefs held by each entity and check that those beliefs are never violated.

HACNet Complexity, Problems and drawbacks of Formal Verification

HACNet Simulation-based Approach
- An automated approach to validation.
- The protocol is modeled as a set of asynchronous communicating finite state machines.
- Each entity tracks its own knowledge in terms of keys, nonces and message types.
- The model has a finite state space, so the validation is bounded to a finite number of runs.
- Protocol traces are simulated and checked for property violations.
- If an incorrect execution exists, a trace of it is generated.
- Unlike logic-based systems, there is no need to interpret the beliefs conveyed by each message.

HACNet Advantages of simulation
- Reflects a strong correspondence with the specification.
- Accurately represents implementation semantics.
- Efficiently represents delay, link failure, errors, etc.
- Captures the notion of time explicitly.
- The intruder can be modeled as required.
- Properties such as confidentiality, authentication and integrity are easy to check.
- Better suited to large protocols than exhaustive model checking.
- More intuitive for verifying properties.

HACNet Architectural Model
Figure: architecture of the protocol validator.
- Inputs: the protocol specification, implementation-based abstractions of the protocol, and an attack model.
- Protocol validator: an FSM representation of the processes, intruder models, and algorithms (state space exploration, guiding algorithms, error detection algorithms, validation algorithm).
- Simulator: executes the protocol; the validator guides the simulation.
- Approach: simulate the model based on the FSM representation by applying the validation method, and report anomalous execution traces, errors and flaws.
- Outputs: execution flaws and errors.

HACNet Modeling Security Properties
Figure: three principals, Initiator, Intruder and Responder, each holding an identity, its keys and its message set (IDI, KPI, KAI, Messages-I; IDA, KPA, KAA, Messages-A; IDR, KPR, KAR, Messages-R).
- Confidentiality: during simulation the intruder must never learn the private keys of the initiator or the responder.
- Channel authentication: the meta channel within the Meta Authentication framework is used to verify authentication properties. (The Meta Authentication framework was designed by our group for the verification of authentication protocols and properties.)
- Timing: timing properties may be checked using scheduled interrupts and delay specification models.

HACNet Intruder model capabilities
- Randomly initiates attacks during protocol execution.
- A very powerful tool for detecting attack traces.
- Can be combined with an attack model to target specific faults and property violations.

HACNet Attacks
Needham-Schroeder Public Key Protocol:
- Oracle attack
- Parallel attack
- Replay attack
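The parallel-session attack on the Needham-Schroeder Public Key protocol is Lowe's man-in-the-middle attack: an honest initiator A opens a session with the intruder I, who replays A's messages into a second session with B. The following is an added example, not the HACNet/OPNET model, that applies the simulation-based approach of the earlier slides to this protocol: the honest principals are finite state machines, every message crosses an intruder that owns the network, the intruder tracks its knowledge as a set of atoms, and a bounded search over its choices (forward a buffered ciphertext, or forge one from known atoms) checks an authentication property and a secrecy property after every delivery. Encryption is symbolic (a ciphertext can only be opened by the principal it is addressed to), each principal runs a single session, and the depth bound `max_steps`, the principal names A, B, I and the nonce names are assumptions of this example. The `fix` flag switches the responder to Lowe's corrected protocol (NSL), which adds the responder's name to the second message.

```python
"""Bounded simulation of the Needham-Schroeder Public Key protocol (NSPK) with an
intruder that owns the network.  Added example, not the HACNet/OPNET model.
Honest principals are finite state machines; the search enumerates the intruder's
choices up to a depth bound and checks two properties after every delivery."""
import copy

A, B, I = "A", "B", "I"          # I is the intruder, but also a registered principal
NAMES = (A, B, I)
NONCE = {A: "Na", B: "Nb", I: "Ni"}   # symbolic nonce names (assumed for this example)

def enc(to, *body):
    """Symbolic ciphertext under the public key of `to`; only `to` can open it."""
    return ("enc", to, tuple(body))

class Initiator:
    def __init__(self, me, peer, fix):
        self.me, self.peer, self.fix, self.state = me, peer, fix, "init"

    def step(self, msg):
        if self.state == "init" and msg is None:                    # 1. {Na, A}_Kpeer
            self.state = "wait"
            return enc(self.peer, NONCE[self.me], self.me)
        if self.state == "wait" and msg and msg[1] == self.me:
            body = msg[2]
            ok = len(body) == (3 if self.fix else 2) and body[0] == NONCE[self.me]
            if ok and (not self.fix or body[2] == self.peer):     # NSL: check responder's name
                self.state = "done"
                return enc(self.peer, body[1])                      # 3. {Nb}_Kpeer
        return None

class Responder:
    def __init__(self, me, fix):
        self.me, self.fix, self.state, self.peer = me, fix, "init", None

    def step(self, msg):
        if msg is None or msg[1] != self.me:                        # cannot decrypt it
            return None
        body = msg[2]
        if self.state == "init" and len(body) == 2 and body[1] in NAMES:
            self.peer, self.state = body[1], "wait"                 # believes the peer is body[1]
            extra = (self.me,) if self.fix else ()                  # NSL adds the responder's name
            return enc(self.peer, body[0], NONCE[self.me], *extra)  # 2. {Na, Nb[, B]}_Kpeer
        if self.state == "wait" and body == (NONCE[self.me],):
            self.state = "done"                                     # 3 accepted: run complete
        return None

def send(ct, pending, know):
    """Every ciphertext crosses the intruder: it is buffered, and if it is addressed
    to I the intruder opens it and learns every atom inside."""
    return pending + (ct,), (know | set(ct[2]) if ct[1] == I else know)

def forgeries(know, fix):
    """Messages the intruder can build from known atoms, shaped like protocol messages."""
    nonces = [n for n in NONCE.values() if n in know]
    out = []
    for n in nonces:
        out += [enc(B, n, name) for name in NAMES] + [enc(B, n)]        # msg 1 / msg 3 to B
        for m in nonces:                                                 # msg 2 to A
            out += [enc(A, n, m, name) for name in NAMES] if fix else [enc(A, n, m)]
    return out

def violations(init, resp, know):
    """Properties checked on every state: B completing a run 'with A' must mean A
    really ran with B, and B's nonce must then still be secret from the intruder."""
    bad = []
    if resp.state == "done" and resp.peer == A:
        if init.peer != B:
            bad.append("authentication: B completed a run with A, but A never ran with B")
        if NONCE[B] in know:
            bad.append("secrecy: the intruder learned Nb")
    return bad

def explore(initiator_peer, fix=False, max_steps=6):
    """Simulate every intruder schedule up to max_steps deliveries (depth bound is an
    assumption).  Returns (violations, trace) for the first bad trace, else None."""
    init, resp = Initiator(A, initiator_peer, fix), Responder(B, fix)
    pending, know = send(init.step(None), (), {A, B, I, NONCE[I]})  # initial intruder knowledge
    seen, stack = set(), [(init, resp, pending, frozenset(know), ())]
    while stack:
        init, resp, pending, know, trace = stack.pop()
        key = (init.state, resp.state, resp.peer, pending, know)
        if key in seen or len(trace) >= max_steps:
            continue
        seen.add(key)
        choices = [("forward", ct) for ct in pending if ct[1] != I]
        choices += [("forge", ct) for ct in forgeries(know, fix)]
        for how, ct in choices:
            i2, r2 = copy.deepcopy(init), copy.deepcopy(resp)
            p2 = tuple(c for c in pending if c != ct) if how == "forward" else pending
            reply = (i2 if ct[1] == A else r2).step(ct)             # deliver to the addressee
            k2 = set(know)
            if reply:
                p2, k2 = send(reply, p2, k2)
            t2 = trace + ((how, ct),)
            bad = violations(i2, r2, k2)
            if bad:
                return bad, t2
            stack.append((i2, r2, p2, frozenset(k2), t2))
    return None

if __name__ == "__main__":
    for peer, fix in ((B, False), (I, False), (I, True)):
        print(f"A talks to {peer}, NSL fix={fix}:", explore(peer, fix) or "no violation found")
```

With A talking to B, no violation is found within the bound; with A talking to I, the search returns the three-step Lowe trace (forge `{Na, A}_KB`, forward B's reply to A, forge `{Nb}_KB`) and both properties fail at once; with the NSL fix enabled the same search finds nothing. As the results slide cautions, a search that finds nothing is evidence only within its bound and intruder model, not a proof.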

HACNet Results and Conclusion
Results:
- The protocol was developed and simulated in OPNET.
- 140 runs were made, with the intruder conducting random attacks.
- All the attacks were detected and the various properties were demonstrated.
- The configuration demonstrated was free of flaws.
Conclusions:
- Simulation is a valuable approach to protocol validation, but it is not guaranteed to detect errors: a set of runs without violations is evidence, not proof of correctness.
- Simulations need to be run for incrementally longer durations and with different attack models.
- A guiding algorithm for steering the simulation toward error states still needs to be proposed.
- Overall, an intuitive and simpler method for security protocol validation.

HACNet Future Work