Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems

This paper presents a novel approach to automatically finding security vulnerabilities in the routing protocol OSPF, the most widely used protocol for Internet routing. We start by modeling OSPF on (concrete) networks with a fixed number of routers in a specific topology. By using the model checking tool CBMC, we found several simple, previously unpublished attacks on OSPF. In order to search for attacks in a family of networks with varied sizes and topologies, we define the concept of an abstract network which represents such a family. The abstract network $\mathcal{A}$ has the property that if there is an attack on $\mathcal{A}$ then there is a corresponding attack on each of the (concrete) networks represented by $\mathcal{A}$. The attacks we have found on abstract networks reveal security vulnerabilities in the OSPF protocol, which can harm routing in huge networks with complex topologies. Finding such attacks directly on the huge networks is practically impossible. Abstraction is therefore essential. Further, abstraction enables showing that the attacks are general. That is, they are applicable in a large (even infinite) number of networks. This indicates that the attacks exploit fundamental vulnerabilities, which are applicable to many configurations of the network.
