Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning

Yadav, Tarun; Sadhukhan, Koustav

doi:10.1007/978-981-13-5826-5_27

Tarun Yadav¹⁴ &
Koustav Sadhukhan¹⁴

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 969))

Included in the following conference series:

International Symposium on Security in Computing and Communication

1462 Accesses
1 Citations
1 Altmetric

Abstract

TLS protocol is an essential part of secure Internet communication. In the past, many attacks have been identified on the protocol. Most of these attacks are not due to design flaws of the protocol, but due to flaws in specific implementation of protocol. One of the widely used implementation of TLS is SChannel which is used in Windows operating system since its inception. In this paper, we have used “protocol state fuzzing” to identify vulnerable and undesired state transitions in the state machine models of the protocol for various versions of SChannel. The technique of protocol state fuzzing has been implemented using query based state machine learning. The client as well as server components have been analyzed thoroughly using this technique and various flaws have been discovered in the implementation. Exploitation of these flaws under specific circumstances may lead to serious attacks which have potential to disrupt secure communication.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Aviram, N., et al.: DROWN: breaking TLS using SSLv2. In: USENIX Security Symposium, pp. 689–706 (2016)
Google Scholar
Green, M.: Attack of the week: FREAK (or ‘factoring the NSA for fun and profit’). A Few Thoughts on Cryptographic Engineering (2018). https://blog.cryptographyengineering.com/2015/03/03/attack-of-week-freak-or-factoring-nsa/
Adrian, D., et al.: Imperfect forward secrecy: how Diffie-Hellman fails in practice. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 5–17. ACM (2015)
Google Scholar
Bhargavan, K., Leurent, G.: Transcript collision attacks: breaking authentication in TLS, IKE, and SSH. In: Network and Distributed System Security Symposium-NDSS 2016 (2016)
Google Scholar
Synopsys, S.: Heartbleed Bug. Heartbleed.com (2018). http://heartbleed.com/
De Ruiter, J., Poll, E.: Protocol state fuzzing of TLS implementations. In: USENIX Security Symposium, pp. 193–206 (2015)
Google Scholar
Www-archive.mozilla.org: The SSL 2.0 Protocol (1995). https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Tools.ietf.org: RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0 (2011). https://tools.ietf.org/html/rfc6101
Ietf.org: RFC 2246 - The TLS Protocol Version 1.0 (1999). https://www.ietf.org/rfc/rfc2246.txt
Ietf.org: RFC 4346 - The Transport Layer Security (TLS) Protocol Version 1.1 (2006). https://www.ietf.org/rfc/rfc4346.txt
Ietf.org: RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2 (2008). https://www.ietf.org/rfc/rfc5246.txt
Beurdouche, B., et al.: A messy state of the union: taming the composite state machines of TLS. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 535–552. IEEE (2015)
Google Scholar
Msdn.microsoft.com: Secure Channel (Windows) (n.d.). https://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx
Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22915-7_40
Chapter Google Scholar
Koustav, S., Mallari, R.A., Yadav, T.: Cyber attack thread: a control-flow based approach to deconstruct and mitigate cyber threats. In: 2015 International Conference on Computing and Network Communications (CoCoNet), pp. 170–178. IEEE (2015)
Google Scholar
Langley, A.: ImperialViolet - early changecipherspec attack. Imperialviolet.org (2014). https://www.imperialviolet.org/2014/06/05/earlyccs.html

Download references

Author information

Authors and Affiliations

Defence Research and Development Organisation, Delhi, India
Tarun Yadav & Koustav Sadhukhan

Authors

Tarun Yadav
View author publications
You can also search for this author in PubMed Google Scholar
Koustav Sadhukhan
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tarun Yadav .

Editor information

Editors and Affiliations

Technology and Management, Indian Institute of Information, Kerala, India
Sabu M. Thampi
Department of Computer Science, Missouri University of Science and Technology, Rolla, MO, USA
Sanjay Madria
Guangzhou University, Guangzhou, China
Guojun Wang
Howard University, Washington, DC, USA
Danda B. Rawat
University of the West of Scotland, Paisley, Glasgow, UK
Jose M. Alcaraz Calero

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Yadav, T., Sadhukhan, K. (2019). Identification of Bugs and Vulnerabilities in TLS Implementation for Windows Operating System Using State Machine Learning. In: Thampi, S., Madria, S., Wang, G., Rawat, D., Alcaraz Calero, J. (eds) Security in Computing and Communications. SSCC 2018. Communications in Computer and Information Science, vol 969. Springer, Singapore. https://doi.org/10.1007/978-981-13-5826-5_27

Download citation

DOI: https://doi.org/10.1007/978-981-13-5826-5_27
Published: 24 January 2019
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5825-8
Online ISBN: 978-981-13-5826-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics