安全协议实施安全性分析综述

doi:10.6040/j.issn.1671-9352.2.2017.067

摘要/Abstract

摘要： 安全协议是网络空间安全的重要组成部分,安全协议实施是安全协议的最终表现形式。介绍了安全协议实施安全性分析的意义,分别按照三个前提条件:能够获取安全协议客户端实施和安全协议服务器端实施、仅能够获取安全协议客户端实施、不能获取安全协议客户端与安全协议服务器端实施,并依据安全协议实施安全性分析采用的主要分析方法——程序验证、模型抽取、网络轨迹、指令分析等,对相关研究成果进行归类、分析、比较、总结和讨论。对未来安全协议实施安全性分析的研究方向进行了展望。

关键词: 网络空间安全, 模型抽取, 指令分析, 安全协议实施, 程序验证, 网络轨迹

Abstract: Security protocols are not only the important part of cyberspace security, but also are the key technology of providing cyberspace security. Security protocol implementations are the final objective of developing security protocols and people have paid a special attention to its security analysis. Around the hot issue, first, it briefly introduced the significance of security protocol implementations. Then, based on three assumptions respectively, 1)with security protocol client implementations and server implementations, 2)with security protocol client implementations, 3)without security protocol client implementations and server implementations, and the approaches used, for examples, program verification, model extraction, net-trace and dynamic taint analysis, the related research results are categorized, compared, analyzed and discussed. Finally, the conclusions are presented and the several future works of security analysis of security protocol implementations are introduced.

Key words: model extraction, security protocol implementations, cyberspace security, program verification, net-trace, execution analysis

中图分类号:

TP309

孟博,鲁金钿,王德军,何旭东. 安全协议实施安全性分析综述[J]. 山东大学学报（理学版）, 2018, 53(1): 1-18.

MENG Bo, LU Jin-tian, WANG De-jun, HE Xu-dong. Survey of security analysis of security protocol implementations[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2018, 53(1): 1-18.

参考文献

[1] 张焕国,韩文报,来学嘉,等. 网络空间安全综述[J]. 中国科学(信息科学), 2016, 46(2):125-164. ZHANG Huanguo, HAN Wenbao, LAI Xuejia, et al. Survey on cyberspace security[J]. Scientia Sinica Informationis, 2016, 46(2):125-164.
[2] 王世伟. 论信息安全、网络安全、网络空间安全[J]. 中国图书馆学报,2015(2):72-84. WANG Shiwei. On information security, network security and cyberspace security[J]. Journal of Library Science in China, 2015(2):72-84.
[3] MIN S K, CHAI S W, HAN M J. An international comparative on cyber security strategy[J]. International Journal of Security and its Applications, 2015, 9(2):13-20.
[4] 朱贯淼,曾凡平,袁园,等. 基于污点跟踪的黑盒fuzzing测试[J].小型微型计算机系统, 2012,33(8):1736-1739. ZHU Guanmiao, ZENG Fanping, YUAN Yuan, et al. Blackbox fuzzing testing based on taint check[J]. Journal of Chinese Mini-Micro Computer Systems, 2012, 33(8):1736-1739.
[5] 赖英旭,刘增辉,蔡晓田,等. 工业控制系统入侵检测研究综述[J]. 通信学报, 2017, 38(2):143-156. LAI Yingxu, LIU Zenghui, CAI Xiaotian, et al. Research on intrusion detection of industrial control system[J]. Journal on Communications, 2017, 38(2):143-156.
[6] 袁琴琴,吕林涛. 基于改进蚁群算法与遗传算法组合的网络入侵检测[J].重庆邮电大学学报(自然科学版), 2017(1):84-89. YUAN Qinqin, LÜ Lintao. Network intrusion detection method based on combination of improved ant colony optimization and genetic algorithm[J]. Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition), 2017(1):84-89.
[7] 张密,杨力,张俊伟. FuzzerAPP:Android应用程序组件通信鲁棒性测试[J].计算机研究与发展, 2017,54(2):338-347. ZHANG Mi, YANG Li,ZHANG Junwei. Fuzzer APP: the robustness test of application component communication in android[J]. Journal of Computer Research and Development, 2017, 54(2):338-347.
[8] 伊胜伟, 张翀斌, 谢丰, 等. 基于Peach的工业控制网络协议安全分析[J].清华大学学报(自然科学版), 2017,57(1):50-54. YI Shengwei, ZHANG Chongbin, XIE Feng, et al. Security analysis of industrial control network protocols based on peach[J]. J Tsinghua Univ(Sci & Technol), 2017, 57(1):50-54.
[9] 陈姝,梁文章. 结合特征点匹配及深度网络检测的运动跟踪[J].电子科技大学学报,2016,45(2):246-251. CHEN Shu, LIANG Wenzhang. Object tracking by combining feature correspondences matching with deep neural network detection[J]. Journal of University of Electronic Science and Technology of China, 2016, 45(2):246-251.
[10] 和亮,冯登国,苏璞睿,等. 基于社团并行发现的在线社交网络蠕虫抑制[J]. 计算机学报, 2015, 38(4):846-858. HE Liang, FENG Dengguo, SU Purui, et al. Parallel community detection based worm containment in online social network[J]. Chinese Journal of Computers, 2015, 38(4):846-858.
[11] 李可,方滨兴,崔翔,等. 僵尸网络发展研究[J]. 软件学报, 2016,53(10):2189-2206. LI Ke, FANG Binxing, CUI Xiang, et al. Study of botnets trends[J]. Journal of Software, 2016, 53(10):2189-2206.
[12] 赵晶玲,陈石磊,曹梦晨,等. 基于离线汇编指令流分析的恶意程序算法识别技术[J].清华大学学报(自然科学版), 2016(5):484-492. ZHAO Jingling, CHEN Shilei, CAO Mengchen, et al. Malware algorithm recognition based on offline instruction-flow analyse[J]. J Tsinghua Univ(Sci & Technol), 2016(5):484-492.
[13] 潘吴斌,程光,郭晓军,等. 网络加密流量识别研究综述及展望[J].通信学报,2016,37(9):154-167. PAN Wubin, CHENG Guang, GUO Xiaojun, et al. Review and perspective on encrypted traffic identification research[J]. Journal on Communications, 2016, 37(9):154-167.
[14] MATTEO A, ALFREDO P, RICCARDO S. Formal verification of security protocol implementations: a survey[J]. Formal Aspects of Computing, 2014, 26(1):99-123.
[15] 雷新锋,宋书民,刘伟兵,等. 计算可靠的密码协议形式化分析综述[J]. 计算机学报, 2014, 37(5):993-1016. LEI Xinfeng, SONG Shumin, LIU Weibing, et al. A survey on computationally sound formal analysis of cryptographic protocol[J]. Chinese Journal of Computers, 2014, 37(5):993-1016.
[16] 张焕国, 吴福生,王后珍,等. 密码协议代码执行的安全验证分析综述[J/OL].计算机学报,2017,40(2). http://kns.cnki.net/kcms/detail/11.1826.TP.20170120.1003.002.html. ZHANG Huanguo, WU Fusheng, WANG Houzhen, et al. A survey:security verification analysis of cryptographic protocols implementations on real code[J/OL]. Chinese Journal of Computers, 2017, 40(2). http://kns.cnki.net/kcms/detail/11.1826.TP.20170120.1003.002.html.
[17] MENG Bo, HUANG Chin-Tser, YANG Yitong, et al. Automatic generation of security protocol implementations written in java from abstract specifications proved in the computational model[J]. International Journal of Network Security, 2017, 19(1):138-153.
[18] MENG Bo, YANG Yitong, ZHANG Jinli, et al. PV2JAVA: automatic generator of security protocol implementations written in java language from the applied pi calculus proved in the symbolic model[J]. International Journal of Security and Its Applications, 2016, 10(11):211-229.
[19] 孟博,王德军.安全协议实施自动化生成与验证[M]. 北京:科学出版社. 2016. MENG Bo, WANG Dejun. Automatic generation and verification of security protocols’ implementations[M]. Beijing: Science Press, 2016.
[20] 孟博,王德军.安全远程网络投票协议[M].北京:科学出版社, 2013. MENG Bo, WANG Dejun. Security remote internet voting protocol[M]. Beijing: Science Press, 2013.
[21] WANG Xinheng, XU Chuan, JIN Wenqiang, et al. A scalable parallel architecture based on many-core processors for generating HTTP traffic[J]. Applied Science, 2017, 7(2):154. DOI: 10.3390/app7020154
[22] GOUBAULT-LARRECQ J, PARRENNES F. Cryptographic protocol analysis on real c code[C] // Proceedings of the 6th International Conference on Verification, Model Checking, and Abstract Interpretation. New York: ACM, 2005: 363-379.
[23] JÜRJENS J. Automated security verification for crypto protocol implementations: verifying the Jessie project[J]. Electronic Notes in Theoretical Computer Science, 2009, 250(1):123-136.
[24] CHAKI S, DATTA A. ASPIER: an automated framework for verifying security protocol implementations[C] // Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium. New York: IEEE, 2009: 172-185.
[25] DUPRESSOIR F, GORDON A D, JÜRJENS J, et al. Guiding a general-purpose c verifier to prove cryptographic protocols[C] // Proceedings of the 24th IEEE Computer Security Foundations Symposium. New York: IEEE, 2011: 3-17.
[26] BHARGAVAN K, FOURNET C, GORDON A D. Modular verification of security protocol code by typing[C] // Proceedings of the 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. New York: ACM, 2010: 445-456.
[27] BACKES M, MAFFEI M, UNRUH D. Computationally sound verification of source code[C] // Proceedings of the 17th ACM Conference on Computer and Communications Security. New York: ACM, 2010: 387-398.
[28] BENGTSON J, BHARGAVAN K, FOURNET C, et al. Refinement types for secure implementations[C] // Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium. Washington: IEEE Computer Society, 2008:17-32. DOI:10.1109/CSF.2008.27.
[29] SWAMY N, CHEN C, FOURNET C, et al. Secure distributed programming with value-dependent types[J]. ACM SIGPLAN Notices, 2011, 46(9):266-278.
[30] SWAMY N, HRIT C, KELLER C, et al. Semantic purity and effects reunited in F*[C] // Proceedings of 20th ACM SIGPLAN International Conference on Functional Programming. New York: ACM, 2015. https://www.fstar-lang.org/papers/icfp2015/full.pdf.
[31] SWAMY N, HRI??塃CU C, KELLER C, et al. Dependent types and multi-monadic effects in F*[C] // Proceedings of the 43rd annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages(POPL’16). New York: ACM, 2016: 256-270.
[32] AIZATULIN M, GORDON A D, JÜRJENS J. Extracting and verifying cryptographic models from C protocol code by symbolic execution[C] // Proceedings of the 18th ACM Conference on Computer and Communications Security. New York: ACM, 2011: 331-340.
[33] BHARGAVAN K, FOURNET C, GORDON A D, et al. Verified interoperable implementations of security protocols[C] // ACM Transactions on Programming Languages and Systems. New York: ACM, 2008, 31(1):61 pages.
[34] BHARGAVAN K, CORIN R, FOURNET C, et al. Automated computational verification for cryptographic protocol implementations[EB/OL] (2009.1.1)[2017.3.24].http://msr-inria.inria.fr/projects/sec/fs2cv/fs2cv-draft.pdf.
[35] BHARGAVAN K, CORIN R, FOURNET C, et al. Cryptographically verified implementations for TLS[C] // Proceedings of the 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 459-468.
[36] AIZATULIN M, GORDON A D, JÜRJENS J. Extracting and verifying cryptographic models from C protocol code by symbolic execution[C] // Proceedings of the 18th ACM Conference on Computer and Communications Security. New York: ACM, 2011: 331-340.
[37] AIZATULIN M, GORDON A, JÜRJENS J. Computational verification of c protocol implementations by symbolic execution[C] // Proceedings of the 2012 19th ACM Conference on Computer and Communications Security. New York: ACM, 2012: 712-723.
[38] NICHOLAS O'S. Using Elygah to analyses Java implementations of cryptographic protocols[C] // Proceedings of FCS-ARSPA-WITS'08. New York: IEEE, 2008: 211-223.
[39] LI Zimao, MENG Bo, WANG Dejun, et al. Mechanized verification of cryptographic security of cryptographic security protocol implementation in JAVA through model extraction in the computational model[J]. Journal of Software Engineering, 2015, 9(1):1-32.
[40] BHARGAVAN K, BLANCHET B, KOBEISSI N. Verified models and reference implementations for the TLS 1.3 standard candidate[C] // Proceedings of the 38th IEEE Symposium on Security and Privacy. New York: IEEE, 2017: 483-502.
[41] BAI G D, LEI J, MENG G Z, et al. AUTHSCAN: automatic extraction of web authentication protocols from implementations[C] // Proceedings of the 20th Annual Network & Distributed System Security Symposium, New York: IEEE, 2013.
[42] FETT D, KÜSTERS R, SCHMITZ G. Analyzing the browserID SSO System with primary identify provider using an expressive model of the web[C] // Proceedings of 20th European Symposium on Research in Computer Security. Berlin: Springer-Verlag, 2015: 43-65.
[43] PELLEGRINO G, TSCHÜRTZ C, Bodden E, et al. jÄk: using dynamic analysis to crawl and test modern web applications[C] / /International Workshop on Recent Advances in Intrusion Detection Research in Attacks, Instructions and Defense, Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2015: 295-316.
[44] ZUO Chaoshun, WANG Wubing, WANG Rui, et al. Automatic forgery of cryptographically consistent messages to identify security vulnerabilities in mobile services[C] // Proceedings of The Network and Distributed System Security Symposium 2016(NDSS’16). California: Internet Society, 2016.
[45] YE Q, BAI G, WANG K, et al. Formal analysis of a single sign-on protocol implementation for android[C] // Proceedings of 20th International Conference on Engineering of Complex Computer System. New York: IEEE, 2015: 90-99.
[46] KOBEISSI N, BHARGAVAN K, BLANCHET B. Automatic verification for secure messaging protocols and their implementations: a symbolic and computational approach[C] // Proceedings of the 2nd IEEE European Symposium on Security and Privacy. New York: IEEE, 2017.
[47] ZHOU Y, EVANS D. SSOScan: Automated testing of web applications for single sign-on vulnerabilities[C] // Proceedings of the 23rd USENIX Security Symposium. New York: ACM, 2014: 495-510.
[48] SHERNAN E, CARTER H, TIAN D, et al. More guidelines than rules: CSRF vulnerabilities from noncompliant OAuth 2.0 implementations[C] //Proceedings of 12th International Conferences on Detection of Intrusions and Malware, and Vulnerability Assessment(DIMVA 2015). Berlin: Springer-Verlag, 2015: 239-260.
[49] SUDHODANAN A, ARMANDO A, CARBONE R, et al. Attack patterns for black-box security testing of multi-party web applications[C] // Proceedings of The Network and Distributed System Security Symposium 2016, California: Internet Society, 2016.
[50] FETT D, KUESTERS R, SCHMITZ G. SPRESSO: A secure, privacy-respecting single sign-on system for the web[C] // Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2015: 1358-1369.
[51] 吴礼发,王辰,洪征,等.协议状态机推断技术研究进展[J].计算机应用研究,2015,32(7):1931-1936. WU Lifa, WANG CHEN, HONG Zheng, et al. Overview on protocol state machine inference: a survey[J]. Application Research of Computer, 2015, 32(7):1931-1936.
[52] 潘璠,吴礼发,杜有翔,等.协议逆向工程研究进展[J].计算机应用研究,2011,28(8):2801-2806. PAN Fan, WU Lifa, DU Youxiang, et al. Overviews on protocol reverse engineering[J]. Application Research of Computer, 2011, 28(8):2801-2806.
[53] NARAYAN J, SHUKLAS K T, CLANCY C T. A survey of automatic protocol reverse engineering tools[J]. ACM Computing Survey, 2015, 48(3):1-26.
[54] DUCHÊNE J, GUERNIC C J, ALATA E, et al. State of the art of network protocol reverse engineering tools[J]. Journal of Computer Virology and Hacking Techniques, 2017: 1-16.
[55] BEDDOE M. Protocol information Project[EB/OL].(2004-10-05)[2017.4.23].http://www.4tphi.net/~awalters/PI/PI.html.
[56] CUI W D, KANNAN J K, WANG H. Discover: automatic protocol reverse engineering from network trace[C] // Proceedings of the 16th USENIX Security Symposium on USENIX Security Symposium, USENIX Association Berkely. New York: ACM, 2007: No.14.
[57] TRIFILÒ A, BURSCHKA S, BIERSACK E. Traffic to protocol reverse engineering[C] // Proceedings of the 2009 IEEE Symposium on Computational Intelligence in Security and Defense Application(CISDA2009). New York: IEEE, 2009: 257-264.
[58] WANG Y P, LI X J, MENG J, et al. 2011a. Biprominer: automatic mining of binary protocol features[C] // Proceedings of 12th International Conference on Parallel and Distributed Computing, Applications and Technologies(PDCAT). New York: IEEE, 2011: 179–184.
[59] WANG Yipeng, YUN Xiaochun, SHAFIQ M Z, et al. A semantics aware approach to automated reverse engineering unknown protocols[C] // Proceedings of 20th IEEE International Conference on Network Protocols(ICNP). New York: IEEE, 2012.
[60] BERMUDEZ I, TONGAONKARA A, ILIOFOTOUB M, et al. Towards automatic protocol field inference[J]. Computer Communications, 2016, 84(C):40-51.
[61] KRUEGER T, KRAMER N, RIECK K. ASAP: automatic semantics-ware analysis of network payloads[C] // Proceedings of the ECML/PKDD Workshop on Privacy and Security Issues in Data Mining and Machine Learning(PSDML2010). Berlin: Springer Verlag, 2010: 50-63.
[62] LUO Jianzhen, YU Shunzheng. Position-based automatic reverse engineering of network protocols[J]. Journal of Network and Computer Applications, 2013, 36(3): 1070-1077.
[63] 戴理,舒辉, 黄荷洁. 基于数据流分析的网络协议逆向解析技术[J]. 计算机应用,2013, 33(5):1217-1221. DAI Li, SHU Hui, HUANG Hejie. Network protocol reverse parsing technique based on dataflow analysis[J].Journal of Computer Applications, 2013, 33(5):1217-1221.
[64] ZHANG Zhuo, ZHANG Zhibin, LEE P P C, et al. Proword: an unsupervised approach to protocol feature word extraction[C] // Proceedings of IEEE Conference on Computer Communications, IEEE INFOCOM 2014. New York: IEEE, 2014: 1393-1401.
[65] YUN Xiaochun, WANG Yipeng, ZHANG Yongzheng, et al. A semantics-aware approach to the automated network protocol identification[J]. IEEE/ACM Transactions on Networking. 2016, 24(1):583-595.
[66] TAO S Y, YU H G, LI Q. Bit-oriented format extraction approach for automatic binary protocol reverse engineering[J]. IET Communications, 2016, 10(6):709-716.
[67] XIAO Mingming, ZHANG Shilong, LUO Yuping. Automatic network protocol message format analysis[J]. Journal of Intelligent & Fuzzy Systems, 2016, 31(4):2271-2279.
[68] ROWE P D, GUTTMAN J D, LISKOV M D. Measuring protocol strength with security goals[J]. International journal of Information Security, 2016, 15(6):575-596.
[69] LIM J, REPS T, LIBLIT B. Extracting Output Formats from Executables[C] // Proceedings of the 13th Working Conference on Reverse Engineering, WCRE’06. New York: IEEE, 2006: 167-178.
[70] CABALLERO J, YIN H, LIANG Z K, et al. Polyglot: automatic extraction of protocol message format using dynamic binary analysis[C] // Proceedings of the 14th ACM Conference on Computer and Communications Security. New York: ACM, 2007: 317-329.
[71] WONDRACEK G, COMPARETTI P M, KRUEGEL C, et al. Automayic network protocol analysis[C] // Proceedings of the 16th Annual Network & Distributed System Security Symposium(NDSS’2008). California: Internet Society, 2008.
[72] LIN Zhiqiang, JIANG Xuxian, XU Dongyan, et al. Automatic protocol format reverse engineering through context-aware monitored execution[C] // Proceedings of 15th Symposium on Network and Distributed System Security, NDSS’2008. California: Internet Society, 2008.
[73] COMPARETTI P M, WONDRACEK G, KRUEGEL C, et al. Prospex: protocol specification extraction[C] // Proceedings of 30th IEEE Symposium on Security & Privacy. New York: IEEE, 2009: 110-125.
[74] CUI W D, PEINADO M, CHEN K, et al. Tupni: automatic reverse engineering of input formats[C] // Proceedings of 15th ACM Conference on Computer and Communications Security. New York: ACM, 2008: 391-402.
[75] WANG Z, IANG X X, CUI W D, et al. ReFormat: automatic reverse engineering of encrypted messages[C] // Proceedings of the 14th European conference on Research in Computer Security. Berlin: Springer- Verlag, 2009: 200-215.
[76] LIN Zhiqiang, ZHANG Xiangyu, XU Dongyan. Reverse engineering input syntactic structure from program execution and its applications[J].IEEE Transaction on Software Engineering, 2010, 36(5):688-703.
[77] LUTZ N, TELLENBACH B.Towards revealing Attackers’ intent by automatically decrypting networking traffic.[EB/OL].[2017-04-02].http://www.kutter-fonds.ethz.ch/App_Themes/default/datalinks/NoeLutz-08.pdf.
[78] CABALLERO J, POOSANKAM P, KREIBICH C, et al. Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering[C] // Proceedings of the 16th ACM Conference on Computer and Communications Security. New York: ACM, 2009: 621-634.
[79] LIU Min, JIA Chunfu, LIU Lu, et al. Extracting sent message formats from executables using backward slicing[C] // Proceedings of 4th International Conference on Emerging Intelligent Data and Web Technologies(EIDWT). New York: IEEE, 2013: 377-384.
[80] 石小龙,祝跃飞,刘龙,等. 加密通信协议的一种逆向分析方法[J]. 计算机应用研究,2015,32(1):214-217, 221. SHI Xiaolong, ZHU Yuefei, LIU Long, et al. Method of encrypted protocol reverse engineering[J]. Application Research of Computers, 2015, 32(1):214-217, 221.
[81] WEN Lin, FEI Jinlong, ZHU Yuefei, et al. A method of multiple encryption and sectional encryption protocol reverse engineering[C] // Proceedings of 10th International Conference on Computational Intelligence and Security. New York: IEEE, 2015: 420-424.
[82] LI Meijian, WANG Yongjun, XIE Peidai,et al. Reverse analysis of secure communication protocol based on taint analysis[C] // Proceedings of 2014 Communications Security Conference. New York: IEEE, 2014.
[83] 朱玉娜,韩继红,袁霖,等. 基于熵估计的安全协议密文域识别方法[J]. 电子与信息学报,2016, 38(8):1865-1871. ZHU Yuna, HAN Jihong, YUAN Lin, et al. Protocol ciphertext field identification by entropy estimating[J]. Journal of Electronics & Information Technology, 2016, 38(8):1865-1871.
[84] NEWSOME J, BRUMLEY D, FRANKLIN J, et al. Replayer: automatic protocol relay by binary analysis[C] // Proceedings of 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006: 311-321.
[85] HTTPS使用率—Google透明度报告[EB/OL].(2017.4.16)[2017.4.25]. https://www.google.com/transparencyreport/https/metrics/?hl=zh-CN. The usage of HTTPS-Transparency report of google[EB/OL].(2017.4.16)[2017.4.25] https://www.google.com/transparencyreport/https/metrics/?hl=zh-CN.

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed