![Page 1: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/1.jpg)
Robustness in Wireless Network AccessProtocolsPhD Defense
Martin EianDepartment of TelematicsSupervisor: Professor Stig F. MjølsnesCo-supervisor: Professor Steinar H. Andresen
21 September 2012www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 2: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/2.jpg)
2
Outline
— Motivation and Introduction— Background— Manual protocol analysis— Formal model construction and verification— Conclusions and open research problems
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 3: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/3.jpg)
3
Motivation - Two Trends in WirelessNetworking
— Commercial off-the-shelf (COTS) hardware and software• 802.11/WiFi local area networks• Mobile/Cellular networks
— GSM (2G)— UMTS (3G)— LTE (4G)
• 802.16/WiMAX wide area networks— Safety critical applications
• Medical• Road safety• Supervisory control and data aquisition (SCADA)
— Power generation and distribution— Oil & gas— Industrial— Transportation
• Emergency communications
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 4: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/4.jpg)
4
Safety Critical Applications
— Key security requirement: Availability— Availability can be disrupted by denial of service (DoS) attacks— Case studies
• U.S. public safety communications network - LTE1
• Hospitals - 802.11 medical devices2
— Research questions• Are current protocols vulnerable?• How do we assess the severity of a protocol vulnerability?• How can we prevent protocol vulnerabilities?
1Federal Communications Commission (FCC), “National Broadband Plan”,http://www.broadband.gov/
2“The Wireless Revolution in Medical Devices”,http://www.medicaldevice-network.com/projects/wireless_revolution/
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 5: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/5.jpg)
5
Wireless Networks
RouterRouterAccess PointBase Station
Access Network
Core Network
Access PointBase Station
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 6: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/6.jpg)
6
Wireless Network Access Protocols
RouterRouterAccess PointBase Station
Access Network
Core Network
Access PointBase Station
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 7: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/7.jpg)
7
Definitions3
ProtocolSet of rules and formats, semantic and syntactic,permitting information systems to exchange information.
Availability
The property of [resources] being accessible and useableupon demand by an authorized entity.
Denial of Service (DoS)
The prevention of authorized access to resources or thedelaying of time-critical operations.
3Committee on National Security Systems Instruction No. 4009, NationalInformation Assurance Glossary
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 8: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/8.jpg)
8
Communication Protocols
— Formatting of data• Control/management messages4
• Data messages— Behaviour
• When to send a message• What to do when a message is received• Model: finite state machine
— States— Transitions
4Packets, frames, protocol data units
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 9: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/9.jpg)
9
Project Phases and Published Papers1: Literature review, problem definition
Fragility of the Robust Security Net-work: 802.11 Denial of Service
2: Manual protocol analysis 7th International Conference on AppliedCryptography and Network Security(ACNS’09)A Practical Cryptographic Denial of Ser-vice Attack Against 802.11i TKIP andCCMPNinth International Conference on Cryptol-ogy And Network Security (CANS 2010)The Modeling and Comparison of Wire-less Network Denial of Service Attacks
3: Formal model construction and verifica-tion
3rd ACM SOSP Workshop on Network-ing, Systems, and Applications on MobileHandhelds (MobiHeld ’11)A Formal Analysis of IEEE 802.11wDeadlock Vulnerabilities31st Annual IEEE International Confer-ence on Computer Communications (IEEEINFOCOM 2012)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 10: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/10.jpg)
10
Denial of Service Attacks
— Attacks against Availability— Disrupt the communication service— Categories
• Jamming→ Transmit noise• Flooding→ Exhaust resources• Implementation specific→ Exploit bugs• Semantic→ Exploit protocol vulnerabilities
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 11: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/11.jpg)
11
Semantic Denial of Service Attacks
— Protocol vulnerabilities - desynchronize state• Unprotected control/management messages
— Attack amplification• Denial of Service time : Adversary transmission time• 10:1• 100:1• 1000:1• ...
— Special case: deadlocks— Current wireless access protocols are vulnerable
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 12: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/12.jpg)
12
The Denial of Service ProblemAccess PointNetwork User
Adversary
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 13: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/13.jpg)
13
The Denial of Service ProblemAccess PointNetwork User
Adversary
Authentication Request
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 14: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/14.jpg)
14
The Denial of Service ProblemAccess PointNetwork User
Adversary
Authentication Response
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 15: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/15.jpg)
15
The Denial of Service ProblemAccess PointNetwork User
Adversary
Association Request
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 16: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/16.jpg)
16
The Denial of Service ProblemAccess PointNetwork User
Adversary
Association Response
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 17: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/17.jpg)
17
The Denial of Service ProblemAccess PointNetwork User
Adversary
Service Enabled
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 18: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/18.jpg)
18
The Denial of Service ProblemAccess PointNetwork User
Adversary
Deauthentication
Service Enabled
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 19: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/19.jpg)
19
The Denial of Service ProblemAccess PointNetwork User
Adversary
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 20: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/20.jpg)
20
The Denial of Service Problem - MSC
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 21: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/21.jpg)
21
Summary of Phase 1
— Scope: semantic protocol vulnerabilities— Case study: IEEE 802.11— Start manual analysis
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 22: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/22.jpg)
22
Project Phases and Published Papers1: Literature review, problem definition
Fragility of the Robust Security Net-work: 802.11 Denial of Service
2: Manual protocol analysis 7th International Conference on AppliedCryptography and Network Security(ACNS’09)A Practical Cryptographic Denial of Ser-vice Attack Against 802.11i TKIP andCCMPNinth International Conference on Cryptol-ogy And Network Security (CANS 2010)The Modeling and Comparison of Wire-less Network Denial of Service Attacks
3: Formal model construction and verifica-tion
3rd ACM SOSP Workshop on Network-ing, Systems, and Applications on MobileHandhelds (MobiHeld ’11)A Formal Analysis of IEEE 802.11wDeadlock Vulnerabilities31st Annual IEEE International Confer-ence on Computer Communications (IEEEINFOCOM 2012)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 23: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/23.jpg)
23
Case Study - IEEE 802.11 (1997)
— Standard for wireless local area networks— PHY and MAC layers— Three message types
• Control frames• Management frames• Data frames
— Extensively analyzed for DoS vulnerabilities— Facilitates experimental validation— Scope
• 802.11 MAC layer protocols• 802.11i and 802.11w amendments
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 24: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/24.jpg)
24
802.11 States, Authentication andAssociation
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 25: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/25.jpg)
25
802.11i: Robust Security Network (RSN)(2004)
— Provides• Integrity• Confidentiality• Replay protection• Sender authenticity (unicast)
— TKIP and AES-CCMP— Security Associations (SAs)
• Pairwise keys• Security parameters• Deleted on successful authentication, (re)association,
deauthentication, disassociation
— Only protects data frames (not management/control)— Uses deauthentication to recover from lost key synchronization
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 26: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/26.jpg)
26
Deauthentication Attack - 802.11i
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 27: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/27.jpg)
27
802.11i TKIP
— Weak message integrity code (MIC)— Countermeasures
• 2 MIC failures in 60 seconds• Shut down for 60 seconds• Delete all security associations using TKIP• Design goal: difficult to deliberately cause MIC failures
— TKIP sequence counter (TSC) - prevent replay— 802.11e quality of service (QoS)
• One TSC per QoS class
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 28: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/28.jpg)
28
TKIP Countermeasures Attack (Paper B)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 29: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/29.jpg)
29
802.11w: Protected Management Frames(2009)
RSN protection for:— Deauthentication— Disassociation— Action
...but not for:— Authentication
• Chicken and egg problem?— Association
• Backward compatibility
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 30: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/30.jpg)
30
Authentication Attack (Paper A)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 31: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/31.jpg)
31
Summary of Phase 2
— Contributions• Discovered vulnerabilities• Experimental validation• Proposed robust solutions and temporary workarounds
— A decade of 802.11 analysis5
— New vulnerabilities found— Manual analysis insufficient— Use formal methods— Goal: automatically find semantic protocol vulnerabilities
5J. Bellardo and S. Savage, “802.11 Denial-of-Service Attacks: RealVulnerabilities and Practical Solutions”, Usenix Security Symposium 2003
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 32: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/32.jpg)
32
Project Phases and Published Papers1: Literature review, problem definition
Fragility of the Robust Security Net-work: 802.11 Denial of Service
2: Manual protocol analysis 7th International Conference on AppliedCryptography and Network Security(ACNS’09)A Practical Cryptographic Denial of Ser-vice Attack Against 802.11i TKIP andCCMPNinth International Conference on Cryptol-ogy And Network Security (CANS 2010)The Modeling and Comparison of Wire-less Network Denial of Service Attacks
3: Formal model construction and verifica-tion
3rd ACM SOSP Workshop on Network-ing, Systems, and Applications on MobileHandhelds (MobiHeld ’11)A Formal Analysis of IEEE 802.11wDeadlock Vulnerabilities31st Annual IEEE International Confer-ence on Computer Communications (IEEEINFOCOM 2012)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 33: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/33.jpg)
33
Formal Method Development
— Method: Model checking— Bottom-up approach
• Cost quantification• Model implementation in Promela• Model verification using SPIN• Experimental validation• Formal definition
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 34: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/34.jpg)
34
Construction of Models
— Cost Model— Protocol Model— Adversary Model
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 35: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/35.jpg)
35
Cost Model— Cost: energy, computational, memory, monetary, probability of
detection/location, time— Protocol participant cost ΓP
• Time without communication service• Implementation: global variable
— Adversary cost ΓA• Total adversary transmission time• Implementation: global variable
— Attack efficiency/amplification E• E = ΓP
ΓA
— Bounds• ΓP is finite• ΓA > 0• E not defined for deadlock attacks
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 36: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/36.jpg)
36
Attack Efficiency E
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 37: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/37.jpg)
37
General Protocol Model
Initiator Adversary Responder
— Initiator• Promela proctype
— Responder• Promela proctype
— I/O: Protocol messages• Promela chan
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 38: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/38.jpg)
38
Protocol Model Challenges
— Stop model execution if protocol is unable to recover• Easy deadlock detection (SPIN “invalid endstates”)
— Mental image: data frames ping pong— Only send data when receiving data
• Exception 1: after EAPOL4• Exception 2: after channel switch recovery
— Timeouts• Explicit notification by recipient• Promela timeout statement• Allow adversary to halt, then resume when timeout is executed
— Detect attacks where adversary sends messages after timeout
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 39: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/39.jpg)
39
Adversary Model
— Non-deterministic— Can read and send unprotected messages— Cannot delete messages
• Distinction from Standard/Dolev-Yao Cryptographic Model
— Limited message budget
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 40: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/40.jpg)
40
Adversary Model - Promelaproctype Adversary ( ) {
sho r t pkts = 0 ; Msg m; m. type = DUMMY; m. c lass = 1; m. ch = 1; m. mic = 0;do: : ( pk ts >= a t t ) −> break ;: : pk ts < a t t && ( setup | | es tab l i shed ) −>
i f: : m. type == DUMMY −> break ;: : m. type == DUMMY && ( pkts > 0) −>
i f: : t i m e o u t f l a g −> t i m e o u t f l a g = 0;
f i: : m. type == DUMMY −>
i f: : m. type = deauth −> m. c lass = 1;: : m. type = disassoc −> m. c lass = 2;: : m. type = authreq −> m. c lass = 1;: : m. type = authresp −> m. c lass = 1;: : m. type = assocreq −> m. c lass = 2;: : m. type = assocresp −> m. c lass = 2;: : dot11h −> m. type = csw ; m. c lass = 1;
f i: : m. type != DUMMY −>
i f: : atomic { pkts ++; toAP ! m; m. type = DUMMY; }: : atomic { pkts ++; toSTA ! m; m. type = DUMMY; }
f if i
od}
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 41: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/41.jpg)
41
802.11 Challenges
— Model construction revealed ambiguities and gaps in protocolspecifications• Example: authentication request received in State 3
— Checked protocol implementations• Cisco• hostapd
— Different interpretations• Implement both• Verify both
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 42: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/42.jpg)
42
Model Verification
— Model checker: SPIN— Using cost model
• Select efficiency threshold T• Check LTL property: �((ΓA = 0) ∨ (ΓP
ΓA< T ))
— Deadlocks• Does not require cost model• Check SPIN property “invalid endstates”
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 43: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/43.jpg)
43
Model Verification Complexity andPerformance6
Adversary States Transitions Time (s) Htime1 8,382 14,374 0.1 0.1 sec2 380,263 729,614 8.8 8.8 sec3 10,744,856 22,009,511 1,260.0 21 min4 238,582,500 508,034,440 95,300.0 26.5 hrs
6Intel Xeon 2.66GHz CPU
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 44: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/44.jpg)
44
802.11i Deadlock Attack (Paper C)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 45: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/45.jpg)
45
802.11w Deadlock Attack 1 (Paper D)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 46: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/46.jpg)
46
802.11w Deadlock Attack 2 (Paper D)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 47: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/47.jpg)
47
802.11w Deadlock Attack 3 (Paper D)
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 48: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/48.jpg)
48
Cost Model Results
— Previously published attacks verified— Highest efficiency: Quiet attack7
— Difficult to find new lower efficiency attacks• Too many counterexamples from model checker• Partial solution by limiting adversary and protocol - e.g.
802.11h support— Modify protocol to remove vulnerabilities
• Challenge: experimental validation
7B. Könings, F. Schaub, F. Kargl and S. Dietzel, “Channel Switch and QuietAttack: New DoS Attacks Exploiting the 802.11 Standard”, IEEE 34th Conferenceon Local Computer Networks, 2009 (LCN 2009).
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 49: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/49.jpg)
49
Conclusions
— Proposed formal method is• Practical• Useful
— Found severe vulnerabilities in existing protocols• Common cause: protocol modifications• Eluded extensive manual analysis
— Experimental validation of all results• Differences in interpretation of the standard
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 50: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/50.jpg)
50
Research Questions Retrospective
— Are current protocols vulnerable?• Yes. Why?• Complexity makes manual analysis insufficient• Protocol modifications can have unintended consequences
— How do we assess the severity of a protocol vulnerability?• Quantify the costs• Proposed cost model
— How can we prevent protocol vulnerabilities?• With the help of formal methods during protocol design• Proposed formal method
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 51: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/51.jpg)
51
Protocol DesignDesign Protocol
Construct Formal Model
Run Model Checker Vulnerable?
Implement Protocol
Yes
No
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 52: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/52.jpg)
52
Open Research Problems
— Integration with other models and tools— Alternative cost and adversary models— Complete 802.11 model— Other wireless network access protocols
• GSM• UMTS• LTE• 802.16 (WiMAX)
— Real time support— Protocol design principles
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols
![Page 53: Robustness in Wireless Network Access Protocols - PhD Defense · Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics ... Robustness in](https://reader034.vdocuments.site/reader034/viewer/2022042307/5ed39ea518dc2351871e3dab/html5/thumbnails/53.jpg)
53
Thank You!
www.ntnu.no Martin Eian, Robustness in Wireless Network Access Protocols