Paul Fiterau-Brostean (Uppsala University, Sweden), Bengt Jonsson (Uppsala University, Sweden), Konstantinos Sagonas (Uppsala University, Sweden and National Technical University of Athens, Greece), Fredrik Tåquist (Uppsala University, Sweden)

Implementations of stateful security protocols must carefully manage the type and order of exchanged messages and cryptographic material, by maintaining a state machine which keeps track of protocol progress. Corresponding implementation flaws, called emph{state machine bugs}, can constitute serious security vulnerabilities. We present an automated black-box technique for detecting state machine bugs in implementations of stateful network protocols. It takes as input a catalogue of state machine bugs for the protocol, each specified as a finite automaton which accepts sequences of messages that exhibit the bug, and a (possibly inaccurate) model of the implementation under test, typically obtained by model learning. Our technique constructs the set of sequences that (according to the model) can be performed by the implementation and that (according to the automaton) expose the bug. These sequences are then transformed to test cases on the actual implementation to find a witness for the bug or filter out false alarms. We have applied our technique on three widely-used implementations of SSH servers and nine different DTLS server and client implementations, including their most recent versions. Our technique easily reproduced all bugs identified by security researchers before, and produced witnesses for them. More importantly, it revealed several previously unknown bugs in the same implementations, two new vulnerabilities, and a variety of new bugs and non-conformance issues in newer versions of the same SSH and DTLS implementations.

View More Papers

Double and Nothing: Understanding and Detecting Cryptocurrency Giveaway Scams

Xigao Li (Stony Brook University), Anurag Yepuri (Stony Brook University), Nick Nikiforakis (Stony Brook University)

Read More

Investigating User Behaviour Towards Fake News on Social Media...

Yasmeen Abdrabou (University of the Bundeswehr Munich), Elisaveta Karypidou (LMU Munich), Florian Alt (University of the Bundeswehr Munich), Mariam Hassib (University of the Bundeswehr Munich)

Read More

Improving In-vehicle Networks Intrusion Detection Using On-Device Transfer Learning

Sampath Rajapaksha (Robert Gordon University), Harsha Kalutarage (Robert Gordon University), M.Omar Al-Kadri (Birmingham City University), Andrei Petrovski (Robert Gordon University), Garikayi Madzudzo (Horiba Mira Ltd)

Read More