gasp a generic approach to secure network protocols
play

GASP: a Generic Approach to Secure network Protocols Olivier - PowerPoint PPT Presentation

Jul 18, 2023 •226 likes •977 views

GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O. Levillain GASP 1/39 Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing

  1. GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O. Levillain GASP 1/39

  2. Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing implementations Next steps

  3. Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing implementations Next steps

  4. Introduction Project Outline GASP, a Generic Approach to Secure Protocols ◮ Project funded by the ANR 2019 call (ANR Jeune) ◮ 4 ans (2019-10-01 – 2023-09-30) Three main research directions ◮ Network protocol observation in the field ◮ Protocol description to derive reference implementation ◮ Tests on existing implementations using a grey- or whitebox approach Ressourcess ◮ 1 PhD student (ATR) + 3 interns (incl. SN) ◮ 20 k e for servers/laptops ◮ 25 k e for travel/conferences O. Levillain GASP 4/39

  5. Introduction Partners Télécom SudParis ◮ Olivier Levillain, principal investigator ◮ Aina Toky Rasoamanana, PhD student ANSSI (software security lab) ◮ Arnaud Fontaine ◮ Aurélien Deharbe Collegues from Rennes ◮ Georges Bossert (Sekoia), pylstar developer ◮ Guillaume Hiet (CentraleSupélec) Other people involved ◮ Karthik Bhargavan (Inria Paris, Prosecco) ◮ Pascal Lafourcade (UCA) ◮ Graham Steel (Cryptosense) O. Levillain GASP 5/39

  6. Introduction Deliverables and tasks (1/2) WP0 Project management and dissemination D0.* Yearly progress reports WP1 Network protocol observation in the field WP1.1 Specification of a message description language WP1.2 Development of compilers to derive parsers WP1.3 Measurement campaigns D1.1 Intermediate report on the message language and compilers D1.2 Final report on the message language and compilers D1.3 Campaigns results (tools, data and analyses) WP2 Protocol description to derive reference implementations WP2.1 Specification of a protocol description languages WP2.2 Development of compilers to derive reference implementations D2.1 Intermediate report on the languages and compilers D2.2 Final report on the languages and compilers WP3 Tests on existing implementations using a grey- or whitebox approach WP3.1 Test tools derived from the description languages WP3.2 Program introspection to explore implementation behaviour D3.1 Intermediate report on test tools D3.2 Final report on test tools D3.3 Report on implementation introspection O. Levillain GASP 6/39

  7. Introduction Deliverables and tasks (2/2) Year 1 Year 2 Year 3 Year 4 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 WP0 D0.1 D0.2 D0.3 D0.4 WP1 D1.1 D1.2 D1.3 WP1.1 WP1.2 WP1.3 WP2 D2.1 D2.2 WP2.1 WP2.2 WP3 D3.1 D3.2 D3.3 WP3.1 WP3.2 Internship (WP1.1 & WP1.2) PhD Thesis (WP2 & WP3) Internship (WP1.3) Internship (WP3) Server purchase Workshop on message Workshop on automata description languages description languages O. Levillain GASP 7/39

  8. Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing implementations Next steps

  9. The Need for Robust Parsers Network protocols and file formats ◮ To understand a specification, you should try and implement it ◮ Often, the devil in the detail ◮ how to encode integers in ASN.1, tar files or protobuf ◮ the direction to fill in bit fields ◮ fuzzy specifications ◮ Binary parsers are a basic block for a lot of programs ◮ They are often a fragile part of the software (look at CVEs for Wireshark for example) O. Levillain GASP 9/39

  10. The Need for Robust Parsers Where it all began : SSL/TLS campaigns ◮ Analysis of SSL/TLS connections in the wild (ACSAC 2012) ◮ for each 443/tcp open port, we record the answer to a given stimulus ◮ 200 GB of raw data per stimulus ◮ Problems to handle and dissect these data ◮ TLS is composed of complex structured messages ◮ data can be corrupted (in many ways) ◮ 443/tcp can host other protocols (usually HTTP or SSH) ◮ more subtle errors in messages O. Levillain GASP 10/39

  11. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? O. Levillain GASP 11/39

  12. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA O. Levillain GASP 11/39

  13. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA O. Levillain GASP 11/39

  14. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert O. Levillain GASP 11/39

  15. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) O. Levillain GASP 11/39

  16. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) Actually, it is easy to explain O. Levillain GASP 11/39

  17. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA ( 0x002f ) B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) Actually, it is easy to explain ◮ a ciphersuite is represented by a 16-bit integer ◮ for almost a decade, all suites had their first byte equal to 00 O. Levillain GASP 11/39

  18. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA ( 0x002f ) B ECDH-ECDSA-AES128-SHA ( 0xc005 ) C an alert D something else ( RC4_MD5 ) ( 0x0005 ) Actually, it is easy to explain ◮ a ciphersuite is represented by a 16-bit integer ◮ for almost a decade, all suites had their first byte equal to 00 O. Levillain GASP 11/39

  19. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA ( 0x002f ) B ECDH-ECDSA-AES128-SHA ( 0xc005 ) C an alert D something else ( RC4_MD5 ) ( 0x0005 ) Actually, it is easy to explain ◮ a ciphersuite is represented by a 16-bit integer ◮ for almost a decade, all suites had their first byte equal to 00 ◮ why bother to inspect this byte ? O. Levillain GASP 11/39

  20. The Need for Robust Parsers Home-made SSL/TLS stacks What should a client expect when they propose the following ciphersuites : AES128-SHA et ECDH-ECDSA-AES128-SHA ? A AES128-SHA B ECDH-ECDSA-AES128-SHA C an alert D something else ( RC4_MD5 ) E an otherwise correct message, where the field is missing O. Levillain GASP 11/39

  21. The Need for Robust Parsers Parsifal, a brochure ◮ A tool to write parsers from concise descriptions ◮ Efficience of the compiled programs ◮ Robustness of the developed tools ◮ Development methodology adapted to an incremental approach to produce flexible parsers O. Levillain GASP 12/39

  22. The Need for Robust Parsers Parsifal, a brochure ◮ A tool to write parsers from concise descriptions ◮ Efficience of the compiled programs ◮ Robustness of the developed tools ◮ Development methodology adapted to an incremental approach to produce flexible parsers ◮ Parsifal also allows to dump/unparse the objects ◮ Example : a simple DNS client in 200 lines O. Levillain GASP 12/39

  23. The Need for Robust Parsers Parsifal base concept : the PType The objects to analyse are described using PTypes ◮ an OCaml type ◮ a parse function ◮ a dump function Differentes sorts of PTypes ◮ base PTypes ( uint , binstring , etc.) ◮ Parsifal constructions using keywords ( enum , struct , etc.) ◮ hand-written PTypes O. Levillain GASP 13/39

  24. The Need for Robust Parsers Exemple : structure d’une image PNG (1/3) s tr u ct p n g _ f i l e = { png_magic : magic ( "\x89\x50\ x4e \x47\x0d\x0a\x1a\x0a " ) ; png_content : b i n s t r i n g ; } O. Levillain GASP 14/39

  25. The Need for Robust Parsers Exemple : structure d’une image PNG (2/3) s tr u ct png_chunk = { chunk_size : uint32 ; chunk_type : s t r i n g ( 4 ) ; data : b i n s t r i n g ( chunk_size ) ; crc : uint32 ; } O. Levillain GASP 15/39

  26. The Need for Robust Parsers Exemple : structure d’une image PNG (2/3) s tr u ct png_chunk = { chunk_size : uint32 ; chunk_type : s t r i n g ( 4 ) ; data : b i n s t r i n g ( chunk_size ) ; crc : uint32 ; } s tr u ct p n g _ f i l e = { png_magic : magic ( "\x89\x50\ x4e \x47\x0d\x0a\x1a\x0a " ) ; chunks : l i s t of png_chunk ; } O. Levillain GASP 15/39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19

OperationCheckpoint: SDN Application Control Workshop on Secure Network Protocols (NPSec14) 19 October 2014 Sandra Scott-Hayward, Christopher Kane and Sakir Sezer s.scott-hayward@qub.ac.uk Centre for Secure Information Technologies (CSIT)

359 views • 20 slides
Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications

Practical Secure Two-Party Computation and Applications Lecture 3: Tools and Applications Estonian Winter School in Computer Science 2016 Overview of this lecture Part 2: ABY Part 3: GSHADE Special Purpose Protocols Generic Protocols

819 views • 52 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons

Secure Communica-on Protocols Today SSL/TLS Protec-on for web browsing / transac-ons SSH Secure shell (remote login) IPSec IP Security suite, originally for use with IPv6 SSL/TLS Secure Sockets Layer / Transport Layer

322 views • 18 slides
Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network

Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network

Chapter 12 Objectives Learn the basic physical components of networks. Become familiar with routing protocols. Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network Organization ISO/OSI Reference

554 views • 11 slides
Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network

Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network

Chapter 12 Objectives Learn the basic physical components of networks. Become familiar with routing protocols. Chapter 12 Network Organization and Architecture 2 12.4 Network Protocols I 12.6 Network Organization ISO/OSI Reference

475 views • 11 slides
Self Checking Network Protocols: A Monitor Based Approach Gunjan Khanna, Padma Varadharajan,

Self Checking Network Protocols: A Monitor Based Approach Gunjan Khanna, Padma Varadharajan,

Self Checking Network Protocols: A Monitor Based Approach Gunjan Khanna, Padma Varadharajan, Saurabh Bagchi Dependable Computing Systems Lab School of Electrical and Computer Engineering Purdue University http://shay.ecn.purdue.edu/~dcsl

420 views • 18 slides
TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication

TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication

TLS/SSL TLS (Transport Layer Security) A suite of protocols to provide secure communication Confidentiality by applying block & stream ciphers - Integrity with MACs - Authenticity with certificates - Predecessor: SSL (secure

557 views • 13 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Il Ilan Orlov ov (BGU GU) ) Eran Omri (BIU) We explore 1/p-secure multiparty

Il Ilan Orlov ov (BGU GU) ) Eran Omri (BIU) We explore 1/p-secure multiparty

Yehuda Lindell (BIU) Amos Beimel (BGU BGU) Il Ilan Orlov ov (BGU GU) ) Eran Omri (BIU) We explore 1/p-secure multiparty protocols wi without out an honest majority Positive result: 1/p-secure protocols for cons

487 views • 27 slides
Network Security Protocols: Analysis methods and standards John Mitchell Stanford University

Network Security Protocols: Analysis methods and standards John Mitchell Stanford University

Network Security Protocols: Analysis methods and standards John Mitchell Stanford University Joint work with many students, postdocs, collaborators TRUST : Team for Research in Ubiquitous Secure Technologies NSF Science and Technology Center

536 views • 40 slides
1 IB Overview A Typical IB Network InfiniBand Architecture and Basic Hardware Components

1 IB Overview A Typical IB Network InfiniBand Architecture and Basic Hardware Components

Processing Bottlenecks in Traditional Protocols Overview of InfiniBand Ex: TCP/IP, UDP/IP Architecture Generic architecture for all network interfaces Host handles almost all aspects of communication Data buffering (copies on

313 views • 9 slides
Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin

Building Secure Block Ciphers on Generic Attacks Assumptions Jacques Patarin and Yannick Seurin University of Versailles and Orange Labs SAC 2008 August 14-15, 2008 intro the Russian Dolls construction generic attacks application to

539 views • 17 slides
WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY & VOTING MEMBERS | CALL TO ORDER BOARD

WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY & VOTING MEMBERS | CALL TO ORDER BOARD

BOARD MEETING | F EBRUARY 23, 2018 WELCOME! BOARD MEETING | F EBRUARY 23, 2018 ADVISORY & VOTING MEMBERS | CALL TO ORDER BOARD MEETING | F EBRUARY 23, 2018 CONSENT AGENDA VOTING DIRECTORS TO APPROVE CONSENT AGENDA Review of Minutes and

841 views • 58 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse

Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse

Sparse Feature Learning Philipp Koehn 3 March 2015 Philipp Koehn Machine Translation: Sparse Feature Learning 3 March 2015 Multiple Component Models 1 Translation Model Language Model Reordering Model Philipp Koehn Machine

775 views • 59 slides
Pretzelocity Pretzelocity & & Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma

Pretzelocity Pretzelocity & & Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma

Pretzelocity Pretzelocity & & Quark Angular Momentum Quark Angular Momentum Bo-Qiang Ma ( Bo-Qiang Ma ( ) ) PKU PKU ( ) ? 2nd Workshop on Hadron Physics in China and

641 views • 45 slides
Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science,

Security protocols: formal models and verification Sergiu Bursuc School of Computer Science, University of Bristol Finse Winter School, 7 May 2015 Security protocols: roles and goals Roles: P 1 , . . . , P n (e.g. clients, servers, devices,

1.43k views • 127 slides
THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing,

THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing,

DATA MINING THE DATA MINING PIPELINE What is data? The data mining pipeline: collection, preprocessing, mining, and post-processing Sampling, feature extraction and normalization Exploratory analysis of data basic statistics What is data

2.11k views • 139 slides
1 This is the genealogy of Jesus the Messiah the son of David, the son of Abraham: 2 Abraham was

1 This is the genealogy of Jesus the Messiah the son of David, the son of Abraham: 2 Abraham was

1 This is the genealogy of Jesus the Messiah the son of David, the son of Abraham: 2 Abraham was the father of Isaac, Isaac the father of Jacob, Jacob the father of Judah and his brothers, 3 Judah the father of Perez and Zerah, whose mother was

786 views • 41 slides
MyGrid Personalised biological services on the Grid Phillip Lord p.lord@russet.org.uk

MyGrid Personalised biological services on the Grid Phillip Lord p.lord@russet.org.uk

MyGrid Personalised biological services on the Grid Phillip Lord p.lord@russet.org.uk Department of Computing Science, University of Manchester BOSC 2002 MyGrid p.1/11 What is MyGrid? Funded as part of the UK governments E-Science

711 views • 17 slides

More recommend