A Formal TLS Handshake Model in LNT

Testing network services is one of the biggest challenges in cyber security. Because new vulnerabilities are detected on a regular basis, more research is needed. These faults have their roots either in the software development cycle or in intrinsic leaks in the system specification. Conformance testing checks whether a system behaves according to its specification. Here, model-based testing provides several methods for the automated detection of shortcomings. The formal specification of a system's behavior is the starting point of the testing process. In this paper, a widely used cryptographic protocol is specified and tested for conformance using a test execution framework. The first empirical results are presented and discussed.
