1 / 15

Simulation-based Validation of Security Protocols

Simulation-based Validation of Security Protocols. Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering Department {venkatra, Nair, Seidel}@engr.smu.edu. Security Protocols: Properties and Services. Problems and flaws in Security Protocols.

Download Presentation

Simulation-based Validation of Security Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Simulation-based Validation of Security Protocols Vinay Venkataraghavan Advisors: S.Nair, P.-M. Seidel HACNet Lab Computer Science and Engineering Department {venkatra, Nair, Seidel}@engr.smu.edu HACNet

  2. Security Protocols: Properties and Services HACNet

  3. Problems and flaws in Security Protocols HACNet

  4. The need for Verification and Validation Verification and validation involves the systematic analyses of protocols in order to verify properties and detect errors. HACNet

  5. Hierarchy and Stages in Validation and Verification HACNet

  6. Specification language used to represent entities, actions, and events. Properties to be checked are represented as CTL or LTL formulas. Model checker checks the state space to prove the validity of properties. Approach models belief’s held by entities, and ensures they are not violated. The protocol is represented as a finite automata. The model checker, verifies if the language representing the property is accepted. Formal Verification Formal verificationand methods involves the mathematical analysis of systems in order to verify correctness. HACNet

  7. Complexity, Problems and drawbacks of Formal Verification HACNet

  8. Automated approach to validation. Protocol modeled, as a set of asynchronous communicating Finite State Machines. Each entity tracks its knowledge in terms of keys, nonces and message types. Finite number of states, requiring a finite number of runs. Protocol traces are simulated in order to check for property violations. A trace of the incorrect execution is generated if it exists. Unlike systems based on logics, do not have to interpret belief’s about each message. Simulation-based Approach HACNet

  9. Reflects a strong correspondence with the specification. Accurately represents implementation semantics. Efficiently represents delay, link failure, error etc. Captures the notion of time precisely. Intruder can be modeled as required. Easily check properties such as confidentiality, authentication, and integrity. Simulation better suited for large protocols. More intuitive for verifying properties. Advantages of simulation HACNet

  10. Simulator Guide simulation Protocol execution Architectural Model Specification Attack model Implementation Protocol Validator Protocol implementation based abstractions • Algorithms • State space exploration • guiding algorithms • error detection algorithms • validation algorithm Intruder models FSM representation of Processes Validation algorithm • Approach: • Simulate the model based upon the FSM representation by applying the validation method • Report anomalous execution traces, errors, flaws etc. Execution flaws, errors HACNet

  11. Initiator Responder Intruder IDI, KPI, KAI, Messages-I IDR, KAA, KPA, Messages-A IDA, KPR, KAR, Messages-R Modeling Security Properties Meta Channel Channel Confidentiality: During simulation the intruder can never learn the private keys of the initiator or responder. Authentication: The meta channel within the Meta Authentication framework will be used to verify authentication properties.* Timing : Timing properties may be checked by the use of scheduled interrupts, and delay specification models. * Meta Authentication framework is designed by our group for the verification of authentication protocols and properties. HACNet

  12. Intruder model capabilities • Randomly initiates attacks • during protocol execution. • Very powerful tool in detecting • attack traces. • Combine with an attack model • to target the specific faults and • property violations. HACNet

  13. Needham Schroeder Public Key Protocol Oracle attack Parallel attack Replay attack Attacks HACNet

  14. Protocol developed and simulated in OPNET. 140 runs were made, with intruder conducting random attacks. All the attacks were detected and various properties demonstrated. Configuration demonstrated was free of flaws. Simulation is a valuable approach for protocol validation. It is not guaranteed to detect errors. Need to run simulations for incrementally longer durations, with different attack models. Need to propose a guiding algorithm in detecting error states. Intuitive and simpler method to security protocol validation. Results and Conclusion RESULTS CONCLUSIONS HACNet

  15. Future Work HACNet

More Related