of ssh implementations
play

of SSH Implementations Paul Fiterau, Toon Lenaerts, Erik Poll, - PowerPoint PPT Presentation

Jan 13, 2023 •483 likes •1.22k views

Model Learning and Model Checking of SSH Implementations Paul Fiterau, Toon Lenaerts, Erik Poll, Joeri de Ruiter, Frits Vaandrager, Patrick Verleg Introduction protocols: SSH, TLS, SMTP, FTP, TCP, UDP many implementations per

  1. Model Learning and Model Checking of SSH Implementations Paul Fiterau, Toon Lenaerts, Erik Poll, Joeri de Ruiter, Frits Vaandrager, Patrick Verleg

  2. Introduction • protocols: SSH, TLS, SMTP, FTP, TCP, UDP … • many implementations per protocol ➢ implementations MUST/SHOULD/MAY adhere to the specifications…

  3. Introduction • protocols: SSH, TLS, SMTP, FTP, TCP, UDP … • many implementations per protocol conformance ➢ implementations MUST/SHOULD/MAY adhere to testing the specifications…

  4. Motivation Model Learning  automatically infers models for concrete implementations  checking conformance of models may be difficult

  5. Motivation Model Learning  automatically infers models for concrete implementations  checking conformance of models may be difficult

  6. Motivation Model Checking  automatically checks conformance of models to specifications  requires models and formalized specifications Model Learning  automatically infers models for concrete implementations  checking conformance of models may be difficult

  7. Motivation Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires formalized specifications Model Checking  automatically checks conformance of models to specifications  requires models and formalized specifications Model Learning  automatically infers models for concrete implementations  checking conformance of models may be difficult

  8. What was done Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires formalized specifications Application of ML+MC on SSH (a real world protocol): 1. use Model Learning to infer models of 3 SSH server implementations 2. formalize specifications from the SSH RFC standards 3. use Model Checking to verify models against these specification

  9. What was done Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires formalized specifications SUL RFC Schematic Overview Model Learning Spec. formalization prop1_LTL prop2_LTL SUL: SUL: prop1_LTL Model Checking prop2_LTL

  10. What was done Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires formalized specifications enough for a publication?

  11. What was done Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires formalized specifications Model Learning: Model Checking:  requires mapper component  requires model transformation  requires thorough testing  requires counterexample validation

  12. What was done Model Learning + Model Checking  automatically infers models for concrete implementations  automatically checks conformance of models to specifications  requires mapper component Patrick’s M. Thesis  requires formalized specifications  requires thorough testing Toon’s B. Thesis Publication  requires model transformation  requires counterexample validation

  13. What was done SUL RFC Model Learning Spec. formalization prop1_LTL prop2_LTL SUL: SUL: prop1_LTL Model Checking prop2_LTL

  14. Model Learning SUL (System under Learning) inputs Learner outputs inferred state model

  15. Model Learning Learner Queries: register/ok login Learner SUL nok logout/ok register/ok Mealy login/ok Machine */nok */nok */nok Input Alphabet: [register, login, logout] Output Alphabet: [ok, nok]

  16. Model Learning Learner Queries: register/ok login/nok logout/nok register/ok register/nok register, login Learner SUL ok, ok logout/ok register/ok login/ok */nok */nok */nok Input Alphabet: [register, login, logout]

  17. Model Learning Learner Queries: register/ok login/nok logout/nok register register/ ok nok register, login Learner SUL ok, ok Hypothesis: logout/ok register/ok login/ok */nok */nok */nok

  18. Model Learning Learner SUL Hypothesis: logout/ok Tester register/ok login/ok */nok */nok */nok

  19. Model Learning Test Queries: register register login/ok nok nok Learner SUT tests Hypothesis: logout/ok Tester register/ok login/ok */nok */nok */nok

  20. Model Learning Learner SUT Hypothesis: logout/ok correct! Tester register/ok login/ok */nok */nok */nok

  21. Model Learning new queries Learner SUT New Hypothesis Tester

  22. Model Learning new queries Learner SUL tests New Hypothesis correct! Tester

  23. Model Learning Learner/ SUL Tester

  24. Model Learning Learner/ SUL Tester SUL.login, login, logout SUL.logout ok, nok true/false concrete i/o abstract i/o (strings) method calls, returned obj. packets

  25. Model Learning Learner/ SUL Tester login(uid) login_0 login_1 ok, nok … ok, nok parameterized small abstract i/o alphabet i/o alphabet

  26. Model Learning abstract i/o param i/o concrete i/o login(“admin”) SUL.login (“admin”) login_valid Learner/ Mapper SUL Tester ok true ok Mapper 1. translates: ➢ between abstract and param. i/o ➢ between param. i/o and concrete i/o

  27. Model Learning Learner/ Mapper SUL Tester Mapper 1. translates: ➢ between abstract and param. i/o ➢ between param. i/o and concrete i/o 2. gives a (deterministic) Mealy Machine representation ➢ removes time dependencies, non-determinism..

  28. Model Learning queries concrete queries/tests Learner Mapper SUL tests New Hypothesis correct! Tester

  29. SUL RFC Spec. Model Learning Model Learning formalization prop1_LTL prop2_LTL SUL: SUL: prop1_LTL Model Checking prop2_LTL queries concrete queries/tests Learner Mapper SUL tests New Hypothesis correct! Tester

  30. Model Learning queries concrete queries/tests Learner Mapper SUL tests TODOs: correct! Tester 1. know your SUL 2. define i/o alphabet 3. implement mapper 4. choose learner and tester algorithms 5. connect and execute!

  31. Model Learning queries concrete queries/tests Learner Mapper SUL tests TODOs: correct! Tester 1. know your SUL 2. define i/o alphabet 3. implement mapper 4. choose learner and tester algorithms 5. connect and execute!

  32. The SSH Protocol ➢ protocol for operating network services (e.g. terminal) securely over an unsecured network ➢ client/server application layer protocol, runs on top of TCP CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  33. The SSH Protocol ➢ protocol for operating network services (e.g. terminal) securely over an unsecured network ➢ client/server application layer protocol, runs on top of TCP ➢ Learner + Mapper replaces the SSH CLIENT, goal learn the SSH Server! SERVER APPLICATION LEARNER APPLICATION (= SUL) UNSECURE Learner + Mapper NETWORK

  34. The SSH Protocol ➢ comprises three layers which interoperate (no encapsulation) ➢ each layer responsible for each of the 3 protocol steps, ➢ for each we define the happy flow at an abstract level User Authentication Connection Layer Layer Transport Layer TCP/IP Layer CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  35. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  36. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  37. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer 1. exchange preferences (KEXINIT) 2. perform key exchange (KEXxx) 3. put new keys to use (NEWKEYS) 4. engage the auth. service (SR_AUTH) Happy flow: Other inputs: DEBUG, IGNORE, DISCONNECT.. Other outputs: DEBUG, IGNORE, DISCONNECT..

  38. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  39. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer key re-exchange (rekey): same procedure, old keys are replaced by new ones can happen any time after the initial key exchange protocol should not affect operation of higher layer protocols CLIENT APPLICATION SERVER APPLICATION UNSECURE NETWORK

  40. The SSH Protocol User Authentication Connection Layer Layer ➢ 3 steps Transport Layer 1. establish a secure connection ( by exchanging keys) TCP/IP Layer 2. authentication with server password auth CLIENT APPLICATION SERVER APPLICATION user: john pwd: password auth successful

Recommend

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations :

Contracts vs. Implementations: Where? Common Eiffel Errors: Instructions for Implementations : inst 1 , inst 2 Contracts vs. Implementations Boolean expressions for Contracts: exp 1 , exp 2 , exp 3 , exp 4 , exp 5 feature -- Commands

231 views • 6 slides
Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array

Stack Implementations Tiziana Ligorio 1 Todays Plan Stack Implementations: Array Vector Linked Chain 2 Stack ADT #ifndef STACK_H_ #define STACK_H_ template<<typename ItemType> class

1.19k views • 71 slides
MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 Outline of Lectures Lecture 1 (Jan 22, Today) Intro to Verified Protocol Implementations

1.32k views • 112 slides
Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla

Introduction Methodology Implementations Results Lightweight Implementations of SHA-3 Candidates on FPGAs Jens-Peter Kaps Panasayya Yalla Kishore Kumar Surapathi Bilal Habib Susheel Vadlamudi Smriti Gurung John Pham Cryptographic

461 views • 29 slides
Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on

Something with implementations Peter Schwabe June 23, 2016 PQCRYPTO Summer School on Post-Quantum Cryptography 2017 Part I: How to make software secure Something with implementations 2 Timing Attacks General idea of those attacks Secret

1.47k views • 65 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by

Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by

Re-indexing the DFT (n and k) We can investigate the various implementations of the DFT by looking at ways to re-index values of n and k. Idea: Using properties of addition and multiplication we can rewrite the equation. 1

541 views • 22 slides
Privacy of Geolocation Implementations Marcos Cceres, Opera Software ASA W3C Workshop on

Privacy of Geolocation Implementations Marcos Cceres, Opera Software ASA W3C Workshop on

Privacy of Geolocation Implementations Marcos Cceres, Opera Software ASA W3C Workshop on Privacy of Advance Web APIs 12 July, 2010. London, United Kingdom. Implementations iOS 4 Firefox 3.6 Chrome 6 Opera 10.6 Critical

445 views • 20 slides
Common Eiffel Errors: Contracts vs. Implementations EECS3311 A: Software Design Fall 2018 C HEN

Common Eiffel Errors: Contracts vs. Implementations EECS3311 A: Software Design Fall 2018 C HEN

Common Eiffel Errors: Contracts vs. Implementations EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG Contracts vs. Implementations: Definitions In Eiffel, there are two categories of constructs: Implementations are step-by-step

246 views • 23 slides
Performance Comparison of DTN Bundle Protocol Implementations ottner , Johannes Morgenroth,

Performance Comparison of DTN Bundle Protocol Implementations ottner , Johannes Morgenroth,

Performance Comparison of DTN Bundle Protocol Implementations ottner , Johannes Morgenroth, Sebastian Schildt, Lars Wolf Wolf-Bastian P September 23, 2011: CHANTS Workshop, Las Vegas, NV Motivation Several Bundle Protocol (BP) implementations

874 views • 17 slides
Multi-rate Signal Processing 4. Multistage Implementations 5. Multirate Application: Subband

Multi-rate Signal Processing 4. Multistage Implementations 5. Multirate Application: Subband

4 Multistage Implementations 5 Some Multirate Applications Multi-rate Signal Processing 4. Multistage Implementations 5. Multirate Application: Subband Coding Electrical & Computer Engineering University of Maryland, College Park

891 views • 24 slides
Verification of Implementations of Distributed Systems under Churn Ryan Doenges , James R. Wilcox,

Verification of Implementations of Distributed Systems under Churn Ryan Doenges , James R. Wilcox,

Verification of Implementations of Distributed Systems under Churn Ryan Doenges , James R. Wilcox, Doug Woos, Zachary Tatlock, and Karl Palmskog We should verify implementations of distributed systems... ...and we have! Framework Prover

1.41k views • 86 slides
The PKIX Standards and PKI Implementations Simos Xenitellis University of London

The PKIX Standards and PKI Implementations Simos Xenitellis University of London

The PKIX Standards and PKI implementations The PKIX Standards and PKI Implementations Simos Xenitellis University of London S.Xenitellis@rhbnc.ac.uk 1 16th May, 2000, University of London The PKIX Standards and PKI implementations Agenda

513 views • 29 slides
Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View

Testing Qt Model-View Implementations Stephen Kelly July 2010 T esting Model-View Implementations Designing testable code High-level Model-View design T est-drivers and mock objects Unit test execution KDE ItemViews

268 views • 23 slides
Erlang SCCP/TCAP/MAP Implementations Harald Welte <laforge@gnumonks.org> gnumonks.org

Erlang SCCP/TCAP/MAP Implementations Harald Welte <laforge@gnumonks.org> gnumonks.org

The GSM core network Erlang in Osmocom Core Network protocol implementations Erlang SCCP/TCAP/MAP Implementations Harald Welte <laforge@gnumonks.org> gnumonks.org hmw-consulting.de sysmocom GmbH October 13, 2012 - OSDC.fr - Paris /

1.06k views • 35 slides
Optimization of HPSG Grammar Implementations in Trale Georgiana Dinu Optimization of HPSG

Optimization of HPSG Grammar Implementations in Trale Georgiana Dinu Optimization of HPSG

Optimization of HPSG Grammar Implementations in Trale Georgiana Dinu Optimization of HPSG Grammar Implementations in Trale p. 1/2 Summary The optimization problem Background Examples Optimization of HPSG Grammar Implementations

754 views • 26 slides
X11 and Wayland A tale of two implementations 1 / 20 Concepts What is hikari and what am I

X11 and Wayland A tale of two implementations 1 / 20 Concepts What is hikari and what am I

X11 and Wayland A tale of two implementations 1 / 20 Concepts What is hikari and what am I trying to achieve? window manager / compositor and Goals started 1.5 years ago written from scratch stacking / tiling hybrid approach inspired by cwm

249 views • 21 slides
Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of

Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of

Hardware- -Based Implementations Based Implementations Hardware of Factoring Algorithms of Factoring Algorithms Factoring Large Numbers with the TWIRL Device Factoring Large Numbers with the TWIRL Device Adi Shamir, Eran Tromer Adi

469 views • 42 slides
A Study of Erlang ETS Table Implementations and Performance Or: Judy Arrays Are Amazing Data

A Study of Erlang ETS Table Implementations and Performance Or: Judy Arrays Are Amazing Data

A Study of Erlang ETS Table Implementations and Performance Or: Judy Arrays Are Amazing Data Structures Scott Lystig Fritchie <slfritchie@snookles.com> Snookles Music Consulting A Study of Erlang ETS Table Implementations and Performance

552 views • 23 slides
Distributed Implementations of Adaptive Collective Decision Making Krzysztof R. Apt CWI and

Distributed Implementations of Adaptive Collective Decision Making Krzysztof R. Apt CWI and

Distributed Implementations of Adaptive Collective Decision Making Krzysztof R. Apt CWI and University of Amsterdam Distributed Implementations of Adaptive Collective Decision Making p.1/17 Let us Introduce Ourselves Project leaders:

529 views • 17 slides
BGP A study into the BGP protocol as well as BGP implementations to improve Route Server

BGP A study into the BGP protocol as well as BGP implementations to improve Route Server

BGP A study into the BGP protocol as well as BGP implementations to improve Route Server scalability. Parallelization Jenda Brands Patrick de Niet Insert content in this area 2 The internet is growing B Active BGP entries in FIB From

624 views • 25 slides
Rosenbrock-like Problems: SMF Versus Other SBO Implementations A.S. Mohamed, S. Koziel, J.W.

Rosenbrock-like Problems: SMF Versus Other SBO Implementations A.S. Mohamed, S. Koziel, J.W.

Rosenbrock-like Problems: SMF Versus Other SBO Implementations A.S. Mohamed, S. Koziel, J.W. Bandler, M.H. Bakr, and Q.S. Cheng Simulation Optimization Systems Research Laboratory Electrical and Computer Engineering Department, McMaster

701 views • 40 slides
TLS THE LAW OF BROKEN TLS IMPLEMENTATIONS Hanno Bck https://hboeck.de/ 1 WHO AM I? Hanno

TLS THE LAW OF BROKEN TLS IMPLEMENTATIONS Hanno Bck https://hboeck.de/ 1 WHO AM I? Hanno

TLS THE LAW OF BROKEN TLS IMPLEMENTATIONS Hanno Bck https://hboeck.de/ 1 WHO AM I? Hanno Bck Freelance journalist (Golem.de, Zeit Online, taz, LWN) Find and fix security vulnerabilities and bugs in free soware (Fuzzing Project,

693 views • 44 slides

More recommend