Specification-based testing of IPsec
Institute for System Programming, Russian Academy of Sciences
Nickolay Pakoulin [email protected]
Agenda
- Work background
- Specification-based testing in IPsec
- Discussion
- Future work
The work background
- RFBR grant on research in IP security and mobility; currently we are working on IPsec
- IPsec formalization: AH and ESP inbound / outbound processing; IKE v1; focus on IPsec over IPv6
- Implementations evaluated: FreeBSD 5.2.1, OpenBSD 3.6
Project info
- Funded by the Russian Foundation for Basic Research
- Test suites will be available for free from http://ipv6.ispras.ru/
- The CTesK toolkit is available for free from http://www.unitesk.com/
- Open for international collaboration in the field of IPsec R&D
IPsec research project : what it is NOT
- NOT cryptanalysis of ciphers or message digests (this goes beyond an IPsec study anyway)
- NOT a formal study of IPsec features, such as protocol validation or attack discovery against IPsec security features
IPsec research project: what it is
- Conformance test suite development: trial of whether implementations really meet the requirements; interoperability by conformance; reliability testing
- Formal specification of IPsec: formal specification of the basic IPsec features (inbound / outbound processing, IKE v1)
- The RFCs serve as the reference standard
How to use formal specs
- Protocol analysis: study protocol correctness, reliability, etc.; study the cryptographic services, etc.
- Specification-based testing: test whether implementations meet the requirements of the protocol specification
Diagram: the IPsec formal specification feeds both protocol analysis and specification-based testing; specification-based testing is what we are STRONG with.
Agenda
- Work background
- Specification-based testing in IPsec (this section)
- Discussion
- Future work
Need for IPsec conformance testing
- Interoperability is crucial for IPsec deployment. Interoperability by conformance: IPsec is a solid protocol, so two conforming implementations are expected to interoperate
- Reliability of implementations: IPsec is a complex protocol
IPsec specification-based testing
- Based on the UniTesK technology, http://www.unitesk.com/
- Using the CTesK toolkit, the implementation of UniTesK for the C programming language
UniTesK specification-based testing technology
- The verdict is assigned by an oracle; the oracle is generated from the formal specification
- Adaptive generation of test inputs; test inputs are generated from FSM-based test scenarios
- There is an adapter, the mediator, between the "abstract" specification model and the implementation
Test suite architecture (diagram)
- Test input generator: the test scenarios build the test inputs
- Oracles: generated from the specification, they validate the SUT's reactions
- Mediators: transport of stimuli to the IUT and capture of the IUT's reactions
- IPsec implementation: the implementation under test
Test suite: underlying technology
- The specification is developed in SeC ([sek]), the Specification extension of the C language
- Test scenarios: SeC
- Mediators: SeC and C + RPC
Test suite: technology support
SeC development is supported by the CTesK toolkit
- Requires Java and a C compiler (GCC or MS VC)
- Windows, Linux, FreeBSD, Solaris
- Stable release is available for free
Test report generator and test run visualization
- Requires Java
- Windows, Linux, FreeBSD, Solaris
- Stable release is available for free
Specification development
- The specification is based upon the regulating documentation: RFC 2401 (IPsec Architecture) and others
- The specification is implicit: it does not describe how an implementation works, it imposes constraints on the properties a protocol implementation must have
- The constraints are pre- and postconditions, written using the specification extension of the C language
Specification and coverage criteria
Coverage
- Define criteria that split the space of inputs into equivalence classes
- More than one criterion can be defined
Source of coverage criteria
- The RFCs define the conditions that govern the processing rules
- A coverage criterion is the formal representation of those conditions
Example (SeC; @x denotes the value of x at call time, i.e. the pre-state)

    specification void receive_AHHeader( AHHeader * ah_hdr ) {
        pre { /* Precondition */ }
        coverage SecAssoc {          /* coverage criterion: partitions the inputs */
            if ( NULL == find_SA(receiver_SAD, ah_hdr) ) {
                return { ah_no_sa, "No SA" };
            } else {
                return { ah_sa_exists, "SA found" };
            }
        }
        post {                       /* postcondition: the oracle's verdict */
            SA * sa = find_SA( receiver_SAD, ah_hdr );
            if ( sa == NULL ) {
                /* no SA: the header is discarded, the event is logged,
                   and neither the SAD nor the SPD changes */
                return isDiscarded_Header( ah_hdr )
                    && contains_Log( /* Discard event */ )
                    && equals( @receiver_SAD, receiver_SAD )
                    && equals( @receiver_SPD, receiver_SPD );
            }
            /* Further specification */
        }
    }
Test bed deployment (diagram)
- Two hosts: the test system and the IUT, joined by a link carrying the IPsec-protected messages
- Two agents, controlled by the test system over RPC (IPv4)
- The upper-level agent uses the API to affect the IUT (add/remove SA/SP, etc.)
- The data link agent captures outgoing IPv6 datagrams
Mediators development
Mediator links specification and implementation
- Pass test inputs to the target system
- Capture outputs of the Implementation Under Test
- Translate conceptual data structures to concrete ones and vice versa
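As an added example (this editor's code, not part of the ISP RAS test suite or the CTesK toolkit), here is the data-translation half of a mediator for the AH header: it converts the model's abstract header into the RFC 2402 wire layout and back, refusing on the way in anything a receiver cannot treat as a valid IPv6 AH header (truncated, Payload Len pointing past the buffer, total length not a multiple of 64 bits). The AHHeader struct, AH_MAX_ICV and the function names are assumptions of this example.

```c
/* Added example (editor's, not the ISP RAS suite): a mediator for the AH header.
 * Model side: AHHeader. Wire side (RFC 2402 section 2):
 *   Next Header (1) | Payload Len (1) | Reserved (2) | SPI (4) | Seq (4) | ICV (n)
 * AHHeader, AH_MAX_ICV and the function names are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AH_MAX_ICV 32      /* assumption: enough for the ICV sizes we model */
#define AH_FIXED   12      /* bytes before the ICV */

/* Conceptual header as the specification reasons about it. */
typedef struct {
    uint8_t  next_header;
    uint32_t spi;
    uint32_t seq;
    size_t   icv_len;              /* bytes, padding included */
    uint8_t  icv[AH_MAX_ICV];
} AHHeader;

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Model -> wire. Returns bytes written, or 0 if the model cannot be encoded
 * legally: over IPv6 the whole AH header must be a multiple of 64 bits. */
size_t ah_encode(const AHHeader *h, uint8_t *out, size_t cap) {
    size_t total = AH_FIXED + h->icv_len;
    if (h->icv_len > AH_MAX_ICV || total % 8 != 0 || total > cap) return 0;
    out[0] = h->next_header;
    out[1] = (uint8_t)(total / 4 - 2);   /* Payload Len: 32-bit words minus 2 */
    out[2] = out[3] = 0;                 /* Reserved: set to zero on send */
    put_be32(out + 4, h->spi);
    put_be32(out + 8, h->seq);
    memcpy(out + AH_FIXED, h->icv, h->icv_len);
    return total;
}

/* Wire -> model. Returns 0 for bytes that cannot be a valid IPv6 AH header:
 * truncated, Payload Len past the buffer, or not 64-bit aligned. */
int ah_decode(const uint8_t *in, size_t len, AHHeader *h) {
    if (len < AH_FIXED) return 0;
    size_t total = ((size_t)in[1] + 2) * 4;
    if (total < AH_FIXED || total > len || total % 8 != 0 ||
        total - AH_FIXED > AH_MAX_ICV) return 0;
    h->next_header = in[0];
    h->spi = get_be32(in + 4);
    h->seq = get_be32(in + 8);
    h->icv_len = total - AH_FIXED;
    memcpy(h->icv, in + AH_FIXED, h->icv_len);
    return 1;
}

/* Round trip for a 96-bit ICV (HMAC-MD5-96 / HMAC-SHA-1-96): returns the Payload
 * Len byte (4 for this size, per RFC 2402 2.2) if encode/decode agree, else -1. */
int ah_roundtrip_demo(void) {
    AHHeader h = { .next_header = 6, .spi = 0x1000, .seq = 1, .icv_len = 12 };
    memset(h.icv, 0xAB, h.icv_len);         /* constructed ICV bytes */
    uint8_t wire[64];
    AHHeader back;
    size_t n = ah_encode(&h, wire, sizeof wire);
    if (n != 24 || !ah_decode(wire, n, &back)) return -1;
    if (back.next_header != h.next_header || back.spi != h.spi ||
        back.seq != h.seq || back.icv_len != 12 || memcmp(back.icv, h.icv, 12) != 0)
        return -1;
    return wire[1];
}
```

The point of keeping the rejection logic in the mediator rather than in the oracle is that the oracle should reason about conceptual headers only; a datagram the data link agent captures that does not even parse as AH is reported to the scenario as a separate kind of reaction, not as an AHHeader with garbage fields.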
Test scenarios
- Test scenarios specify how to iterate the parameters of test inputs depending on the state of the model
- The actual test inputs are built "on the fly" during test execution
- Coverage-driven iteration: do not iterate all possible inputs, only the "interesting" ones that improve coverage
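The following is an added example in plain C (this editor's code, not the project's SeC sources) that ties together the specification example from the "Specification and coverage criteria" slides and the coverage-driven iteration described above: coverage_receive_AH() is the SecAssoc criterion from the slide refined by a second criterion (ICV valid or not), post_receive_AH() is the oracle, and drive_scenario() is the inner loop of a scenario that applies only stimuli landing in a not-yet-covered class. All type and function names are this example's own, iut_react() is a constructed stand-in for the real IUT behind the mediators, and the SAD model omits the SPD, so only the SAD-unchanged part of the slide's postcondition is checked.

```c
/* Added example (editor's, not the ISP RAS suite): a plain-C rendering of the
 * SeC sketch of receive_AHHeader plus the coverage-driven scenario that drives
 * it. All names are this example's own; iut_react() is a constructed IUT. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAX_SA 8
typedef struct { uint32_t spi; uint8_t dst[16]; } SAKey;   /* protocol fixed to AH */
typedef struct { SAKey key[MAX_SA]; int n; } SAD;           /* model of the SAD */

/* Stimulus as the model sees it. icv_valid says whether the test system put the
 * correct ICV on the wire, which makes the ICV check a controllable input. */
typedef struct { uint32_t spi; uint8_t dst[16]; bool icv_valid; } AHHeader;

/* Reaction of the IUT as the agents report it. */
typedef struct { bool discarded; bool logged; SAD sad_after; } Reaction;

/* RFC 2401 5.2 / RFC 2402 3.4.2: inbound SA lookup by <SPI, dest addr, protocol>. */
static int find_SA(const SAD *sad, const AHHeader *ah) {
    for (int i = 0; i < sad->n; i++)
        if (sad->key[i].spi == ah->spi && memcmp(sad->key[i].dst, ah->dst, 16) == 0)
            return i;
    return -1;
}

/* Coverage: the slide's SecAssoc criterion refined by a second one (ICV). */
enum { C_NO_SA, C_SA_ICV_OK, C_SA_ICV_BAD, N_COVER };
int coverage_receive_AH(const SAD *sad, const AHHeader *ah) {
    if (find_SA(sad, ah) < 0) return C_NO_SA;             /* "No SA" */
    return ah->icv_valid ? C_SA_ICV_OK : C_SA_ICV_BAD;     /* "SA found" x ICV */
}

/* Postcondition: is the observed reaction allowed for this stimulus?
 * `before` plays the role of @receiver_SAD, the SAD at call time. */
bool post_receive_AH(const SAD *before, const AHHeader *ah, const Reaction *r) {
    if (find_SA(before, ah) < 0)      /* no SA: discard, audit, SAD untouched */
        return r->discarded && r->logged &&
               memcmp(&r->sad_after, before, sizeof *before) == 0;
    if (!ah->icv_valid)               /* ICV mismatch: discard, audit (RFC 2402 3.4.4) */
        return r->discarded && r->logged;
    return !r->discarded;             /* accepted; the slide leaves the rest unspecified */
}

/* Constructed conforming IUT so the scenario below has something to drive. */
static Reaction iut_react(const SAD *sad, const AHHeader *ah) {
    Reaction r = { .discarded = false, .logged = false, .sad_after = *sad };
    if (find_SA(sad, ah) < 0 || !ah->icv_valid) r.discarded = r.logged = true;
    return r;
}

/* Coverage-driven iteration: candidate stimuli are tried in order, but only one
 * that lands in a class not yet covered is actually applied. Returns the number
 * of classes covered when every applied stimulus passed the oracle, or -1 on
 * the first oracle failure. */
int drive_scenario(void) {
    SAD sad = { .n = 1 };
    sad.key[0].spi = 0x1000;
    memset(sad.key[0].dst, 0x2a, 16);            /* constructed IPv6 address */
    bool covered[N_COVER] = { false };
    int hits = 0;
    const uint32_t spis[] = { 0x1000, 0x1001, 0x1000, 0x1001 };
    const bool     icvs[] = { true,   true,   false,  false  };
    for (int k = 0; k < 4; k++) {
        AHHeader ah = { .spi = spis[k], .icv_valid = icvs[k] };
        memcpy(ah.dst, sad.key[0].dst, 16);
        int c = coverage_receive_AH(&sad, &ah);
        if (covered[c]) continue;                /* not interesting: class already hit */
        Reaction r = iut_react(&sad, &ah);       /* through the mediators in the real suite */
        if (!post_receive_AH(&sad, &ah, &r)) return -1;   /* verdict FAIL */
        covered[c] = true;
        hits++;
    }
    return hits;                                  /* 3: all classes covered */
}
```

The fourth candidate (unknown SPI with a forged ICV) is never sent: it falls into the "No SA" class, which the second candidate already covered, so applying it would not improve coverage. A non-conforming IUT that silently drops a datagram for an unknown SPI without an audit record is caught by the oracle even though the datagram was discarded, which is exactly the distinction a hand-written expected-output test tends to miss.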
Current state
- Upper-level and data link agents for FreeBSD and OpenBSD are ready
- Specification under development: inbound and outbound processing, manual key management
- Test scenarios under development
Agenda
- Work background
- Specification-based testing in IPsec
- Discussion (this section)
- Future work
CTesK applications
- API and message-based interfaces
- MSR IPv6: basic IPv6 features
- Mobile IPv6 for Windows CE 4.1: Mobile IPv6, draft 13
- Sensor networks (TinyOS): embedded software
Discussion
Strengths of the approach
- Strong modularity of test scenarios
- Relatively easy way to model complex features of IPv6
- Incremental design of the test suite
Weaknesses
- New paradigm (implicit specs / FSM-based tests)
- Relatively long way to the first tests
Alternatives
- Manual test suite development: Project TAHI
- TTCN-based approaches: commercial test suites (presumably TTCN-2); work in progress in the EU on TTCN-3, scheduled for 3 years and only at its very beginning
Alternatives (2)
All known industrial alternatives are test-case based
Strengths
- Well known and established technologies (e.g. ISO 9646)
- Relatively quick way to the first tests
Weaknesses
- Intensive manual work: test purpose elicitation, test case development
- Problems with IPsec output prediction (IPsec is VERY complex)
- Problems with maintenance and extensions
- Less thorough study of the official specification
Agenda
- Work background
- Specification-based testing in IPsec
- Discussion
- Future work (this section)
Future work
- Full IPsec conformance test suite: inbound / outbound traffic, IKE v1
- Mobile IPv6 conformance test suite development; Mobile IPv6 security conformance testing
- Open for collaboration
Links
- UniTesK: http://www.unitesk.com/
- CTesK: http://www.unitesk.com/products/ctesk/
- Institute for System Programming RAS: http://www.ispras.ru/
- Network research group: http://ipv6.ispras.ru/
- Contact: Nickolay Pakoulin, mailto:[email protected]
END
Questions?