Simulation-based Validation of Security Protocols


Page 1: Simulation-based Validation of Security Protocols

HACNet

Simulation-based Validation of Security Protocols

Vinay Venkataraghavan

Advisors: S.Nair, P.-M. Seidel

HACNet Lab

Computer Science and Engineering Department

{venkatra, Nair, Seidel}@engr.smu.edu

Page 2: Simulation-based Validation of Security Protocols


Security Protocols: Properties and Services

Security Protocols

• Authentication

• Non-repudiation

• Confidentiality

• Integrity

Security protocols contain subtle design and implementation flaws.

This results in incorrect execution.

The system is vulnerable to various attacks.

Page 3: Simulation-based Validation of Security Protocols


Problems and flaws in Security Protocols

Security Protocol Flaws

• Elementary Protocol Flaws

• Password/Key guessing flaws

• Stale message flaws

• Parallel Session flaws

• Internal Protocol flaws

• Cryptosystem flaws

Occur in protocols that have no protection against adversary attacks.

A protocol entity fails to complete all requisite actions.

Adversary gains information by exchanging suitable protocol messages.

Using old session messages for replay attacks.

Choosing passwords from a small set of words.

System satisfies properties but exhibits additional properties that sacrifice confidentiality and authentication.

Page 4: Simulation-based Validation of Security Protocols


The need for Verification and Validation

Flaws in security protocols need to be detected and corrected in order to maintain reliability.

Verification and validation are required in order to detect subtle flaws in protocols.

The need for V&V is classified as follows:

• Flaws in functional specification. These are contained in the high-level specifications.

• Implementation-dependent flaws. These occur in some implementations and not others.

• Implementation flaws. These manifest when a correct specification is incorrectly implemented.

Verification and validation involve the systematic analysis of protocols in order to verify properties and detect errors.

Page 5: Simulation-based Validation of Security Protocols


Hierarchy and Stages in Validation and Verification

Stages (diagram; "Errors introduced" is annotated at two points between stages):

• Informal Specifications

• Formal specifications

• Simulation/Validation

• Programmers

• Implementation

Hierarchy of verification and validation techniques:

• Modal Logic Systems

• Systems based on process algebras

• State machine based systems

• Simulation based techniques

Protocol Specification

Protocol Implementation

Page 6: Simulation-based Validation of Security Protocols


Formal Verification

• Specification language used to represent entities, actions, and events.

• Properties to be checked are represented as CTL or LTL formulas.

• Model checker checks the state space to prove the validity of properties.

• Approach models beliefs held by entities, and ensures they are not violated.

• The protocol is represented as a finite automaton. The model checker verifies whether the language representing the property is accepted.

Formal verification and formal methods involve the mathematical analysis of systems in order to verify correctness.

Page 7: Simulation-based Validation of Security Protocols


Complexity, Problems and drawbacks of Formal Verification

The state space grows exponentially in the number of processes and variables.

The state explosion problem is ameliorated through reduction techniques and by imposing various constraints.

Simplifying abstractions and assumptions at a very high level result in incomplete verification. The types of attacks and flaws detected are highly restricted.

Real-world timing cannot be represented. Time can only be modeled as eventuality or occurrence. Communication and security protocols require precise timing constraints.

The logics used to specify and represent the protocol and its properties are very complicated, non-intuitive and tedious.

Page 8: Simulation-based Validation of Security Protocols


Simulation-based Approach

• Automated approach to validation.

• Protocol modeled as a set of asynchronous communicating Finite State Machines.

• Each entity tracks its knowledge in terms of keys, nonces and message types.

• Finite number of states, requiring a finite number of runs.

• Protocol traces are simulated in order to check for property violations.

• A trace of the incorrect execution is generated if it exists.

• Unlike systems based on logics, we do not have to interpret beliefs about each message.

Page 9: Simulation-based Validation of Security Protocols


Advantages of simulation

• Reflects a strong correspondence with the specification.

• Accurately represents implementation semantics.

• Efficiently represents delay, link failure, error etc.

• Captures the notion of time precisely.

• Intruder can be modeled as required.

• Easily checks properties such as confidentiality, authentication, and integrity.

• Simulation is better suited for large protocols.

• More intuitive for verifying properties.

Page 10: Simulation-based Validation of Security Protocols


Architectural Model

Protocol Validator

Intruder models

Algorithms:

• State space exploration

• Guiding algorithms

• Error detection algorithms

• Validation algorithm

FSM representation of Processes

Validation algorithm

Protocol implementation based abstractions

Simulator

Guide simulation

Protocol execution

Approach:

• Simulate the model based upon the FSM representation by applying the validation method.

• Report anomalous execution traces, errors, flaws etc.

Specification, Implementation, Attack model

Execution flaws, errors

Page 11: Simulation-based Validation of Security Protocols


Modeling Security Properties

Initiator: IDI, KPI, KAI, Messages-I

Intruder: IDA, KPA, KAA, Messages-A

Responder: IDR, KPR, KAR, Messages-R

(Diagram: the three entities communicate over the Channel; a Meta Channel runs alongside it.)

Confidentiality: During simulation the intruder can never learn the private keys of the initiator or responder.

Authentication: The meta channel within the Meta Authentication framework will be used to verify authentication properties.*

Timing: Timing properties may be checked by the use of scheduled interrupts and delay specification models.

* The Meta Authentication framework is designed by our group for the verification of authentication protocols and properties.
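As an added example (not code from the slides or the HACNet tool), here is a miniature version of the validation loop the deck describes: each entity's knowledge is tracked as a set of keys, nonces and messages, an honest NSPK-style trace is replayed through a passive intruder's view, and the confidentiality property (the intruder never learns the initiator's or responder's private keys, nor the session nonces) is checked after every step. The entity letters I/R/A, the key naming and the "flawed" configuration, in which the responder mistakenly encrypts its reply to the intruder's public key, are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:
    """{payload} encrypted under the public key of `owner`; only priv(owner) opens it."""
    owner: str
    payload: tuple

def priv(owner: str) -> str:
    # Name of an entity's private key (constructed naming, not the slides' KA/KP labels)
    return f"priv_{owner}"

def derive(knowledge: set) -> set:
    """Close the intruder's knowledge: split message tuples, open ciphertexts whose key is known."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for item in list(known):
            new = set()
            if isinstance(item, tuple):            # a message pair: every component is learnt
                new.update(item)
            elif isinstance(item, Enc) and priv(item.owner) in known:
                new.add(item.payload)              # decryptable: the plaintext is learnt
            if not new <= known:
                known |= new
                changed = True
    return known

def validate(trace, secrets):
    """Replay a trace through the intruder's view; return (step, leaked secrets) or None."""
    knowledge = {priv("A")}                      # intruder A starts with only its own private key
    for step, (_sender, _receiver, msg) in enumerate(trace, 1):
        knowledge = derive(knowledge | {msg})    # A observes every message on the channel
        leaked = secrets & knowledge
        if leaked:
            return step, sorted(leaked)          # first step at which confidentiality is violated
    return None

# Constructed honest NSPK-style run between initiator I and responder R:
#   I -> R: {Ni, I}_KR ; R -> I: {Ni, Nr}_KI ; I -> R: {Nr}_KR
HONEST = [("I", "R", Enc("R", ("Ni", "I"))),
          ("R", "I", Enc("I", ("Ni", "Nr"))),
          ("I", "R", Enc("R", ("Nr",)))]
# Constructed flawed configuration: R's reply is encrypted to the intruder's public key by mistake
FLAWED = [HONEST[0], ("R", "I", Enc("A", ("Ni", "Nr"))), HONEST[2]]
SECRETS = {"Ni", "Nr", priv("I"), priv("R")}

if __name__ == "__main__":
    print(validate(HONEST, SECRETS))   # None: no secret reaches the intruder
    print(validate(FLAWED, SECRETS))   # (2, ['Ni', 'Nr']): leak flagged at step 2
```

A random-attack intruder in the style of the deck would add its own sends to the trace; the same `validate` loop then reports the earliest step whose derived knowledge intersects the secrets.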

Page 12: Simulation-based Validation of Security Protocols


Intruder model capabilities

• Randomly initiates attacks during protocol execution.

• Very powerful tool in detecting attack traces.

• Combine with an attack model to target the specific faults and property violations.

Page 13: Simulation-based Validation of Security Protocols


Attacks

• Needham Schroeder Public Key Protocol

• Oracle attack

• Parallel attack

• Replay attack

(Diagram: Oracle Attack message sequence between Initiator, Intruder and Responder.)

Page 14: Simulation-based Validation of Security Protocols


Results and Conclusion

Results

• Protocol developed and simulated in OPNET.

• 140 runs were made, with the intruder conducting random attacks.

• All the attacks were detected and various properties demonstrated.

• Configuration demonstrated was free of flaws.

Conclusions

• Simulation is a valuable approach for protocol validation.

• It is not guaranteed to detect errors.

• Need to run simulations for incrementally longer durations, with different attack models.

• Need to propose a guiding algorithm for detecting error states.

• Intuitive and simpler method for security protocol validation.

Page 15: Simulation-based Validation of Security Protocols


Future Work