CAV 2013: Computer Aided Verification, pp 724-739

Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems

  • Adi Sosnovich
  • Orna Grumberg
  • Gabi Nakibly
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8044)

Abstract

This paper presents a novel approach to automatically finding security vulnerabilities in the routing protocol OSPF – the most widely used protocol for Internet routing. We start by modeling OSPF on (concrete) networks with a fixed number of routers in a specific topology. By using the model checking tool CBMC, we found several simple, previously unpublished attacks on OSPF.

In order to search for attacks in a family of networks with varied sizes and topologies, we define the concept of an abstract network which represents such a family. The abstract network \({\cal A}\) has the property that if there is an attack on \({\cal A}\) then there is a corresponding attack on each of the (concrete) networks represented by \({\cal A}\).

The attacks we have found on abstract networks reveal security vulnerabilities in the OSPF protocol, which can harm routing in huge networks with complex topologies. Finding such attacks directly on the huge networks is practically impossible. Abstraction is therefore essential. Further, abstraction enables showing that the attacks are general. That is, they are applicable in a large (even infinite) number of networks. This indicates that the attacks exploit fundamental vulnerabilities, which are applicable to many configurations of the network.

Keywords

Model Check; Transit Network; Abstract Transition; Security Vulnerability; Open Short Path First

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Adi Sosnovich (1)
  • Orna Grumberg (1)
  • Gabi Nakibly (2)
  1. Computer Science Department, Technion, Haifa, Israel
  2. National EW Research and Simulation Center, Rafael, Haifa, Israel
