Inferring OpenVPN State Machines Using Protocol State Fuzzing

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) Pub Date : 2018-04-23 DOI:10.1109/EuroSPW.2018.00009

Lesly-Ann Daniel, E. Poll, Joeri de Ruiter

{"title":"Inferring OpenVPN State Machines Using Protocol State Fuzzing","authors":"Lesly-Ann Daniel, E. Poll, Joeri de Ruiter","doi":"10.1109/EuroSPW.2018.00009","DOIUrl":null,"url":null,"abstract":"The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.","PeriodicalId":326280,"journal":{"name":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EuroSPW.2018.00009","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 22

Abstract

The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.

查看原文本刊更多论文

使用协议状态模糊推断OpenVPN状态机

安全协议的可靠性是至关重要的，但在实现过程中很容易受到漏洞的影响。实现的一个关键方面是协议的状态机。实现的状态机可以通过使用常规推理的黑盒测试来推断。这些推断状态机提供了对实现的良好洞察，并可用于检测任何虚假行为。我们将此技术应用于OpenVPN的不同实现:标准OpenVPN和OpenVPN- nl实现。尽管OpenVPN是一种广泛使用的基于tls的VPN解决方案，但该协议没有官方规范，这使得它成为一个特别有趣的分析目标。我们推断服务器端实现的状态机，并关注协议的特定阶段。最后，我们分析了这些状态机，说明了它们可以揭示文档中缺少的关于实现的大量信息，并讨论了在正式规范中包含状态机的可能性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

自引率

0.00%

发文量