Mechanized Network Origin and Path Authenticity Proofs

Zhang, Fuyuan; Jia, Limin; Băsescu, Cristina; Kim, Tiffany Hyun-Jin; Hu, Yih-Chun; Perrig, Adrian

doi:10.1145/2660267.2660349

Cited by 20 publications

(16 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zhang et al [20] prove source authentication and path validation properties of the OPT packet forwarding protocols [35]. These properties differ from those that we study here.…”

Section: B Verification Of Secure Data Plane Protocolscontrasting

confidence: 77%

“…Since path-aware Internet architectures and path authoriza- tion are relatively new concepts, there is little existing verification work. The most closely related works are the verification of a weaker AS-local form of path authorization [19] and of different security properties [20] for such architectures. Both of these works mechanize their proofs in Coq using a nonfoundational approach, i.e., relying on an axiomatization or external tools.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formal Verification of Secure Forwarding Protocols

Klenze

Sprenger

Basin

2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Today's Internet is built on decades-old networking protocols that lack scalability, reliability, and security. In response, the networking community has developed path-aware Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems construct authenticated forwarding paths based on their routing policies. Each end host then selects one of these authorized paths and includes it in the packet header, thus allowing routers to efficiently determine how to forward the packet. A central security property of these architectures is path authorization, requiring that packets can only travel along authorized paths. This property protects the routing policies of autonomous systems from malicious senders.The fundamental role of packet forwarding in the Internet and the complexity of the authentication mechanisms employed call for a formal analysis. In this vein, we develop in Isabelle/HOL a parameterized verification framework for path-aware data plane protocols. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing an attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parameterized by the protocol's authentication mechanism and assumes five simple verification conditions that are sufficient to prove the refinement of the abstract model. We validate our framework by instantiating it with several concrete protocols from the literature and proving that they each satisfy the verification conditions and hence path authorization. No invariants must be proven for the instantiation. Our framework thus supports low-effort security proofs for data plane protocols. The results hold for arbitrary network topologies and sets of authorized paths, a guarantee that state-of-the-art automated security protocol verifiers cannot currently provide.

show abstract

“…Zhang et al [20] prove source authentication and path validation properties of the OPT packet forwarding protocols [35]. These properties differ from those that we study here.…”

Section: B Verification Of Secure Data Plane Protocolscontrasting

confidence: 77%

Section: Introductionmentioning

confidence: 99%

Formal Verification of Secure Forwarding Protocols

Klenze

Sprenger

Basin

2021

2021 IEEE 34th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…OPT's (Origin and Path Trace) [48] security properties have been formally verified using the Coq interactive theorem prover in [49]. Isabelle is used to give a mechanized proof of the Basic Perturbation Lemma in [50] and to verify the correctness of Warren Abstract Machine (WAM) in [51].…”

Section: Application Of Toolsmentioning

confidence: 99%

Cryptographic Protocols Specification and Verification Tools - A Survey

Shinde¹,

Umbarkar²,

Pillai³

2017

IJCT

View full text Add to dashboard Cite

Cryptographic protocols cannot guarantee the secure operations by merely using state-of-the-art cryptographic mechanisms. Validation of such protocols is done by using formal methods. Various specialized tools have been developed for this purpose and are being used to validate real life cryptographic protocols. These tools give feedback to the designers of protocols in terms of loops and attacks in protocols to improve security. In this paper, we discuss the brief history of formal methods and tools that are useful for the formal verification of the cryptographic protocols.

show abstract

“…The security properties of chained MACs with respect to path validation have been formalized and verified for a decentralized setting [23]. The centralized control in SDN simplifies key management, since the controller sets up the shared symmetric keys with the switches; sophisticated key-establishment protocols are not needed.…”

Section: Path Deviation Attacksmentioning

confidence: 99%

SDNsec: Forwarding Accountability for the SDN Data Plane

Sasaki

Pappas

Lee

et al. 2016

2016 25th International Conference on Computer Communication and Networks (ICCCN)

Self Cite

View full text Add to dashboard Cite

SDN promises to make networks more flexible, programmable, and easier to manage. Inherent security problems in SDN today, however, pose a threat to the promised benefits. First, the network operator lacks tools to proactively ensure that policies will be followed or to reactively inspect the behavior of the network. Second, the distributed nature of state updates at the data plane leads to inconsistent network behavior during reconfigurations. Third, the large flow space makes the data plane susceptible to state exhaustion attacks. This paper presents SDNsec, an SDN security extension that provides forwarding accountability for the SDN data plane. Forwarding rules are encoded in the packet, ensuring consistent network behavior during reconfigurations and limiting state exhaustion attacks due to table lookups. Symmetric-key cryptography is used to protect the integrity of the forwarding rules and enforce them at each switch. A complementary path validation mechanism allows the controller to reactively examine the actual path taken by the packets. Furthermore, we present mechanisms for secure link-failure recovery and multicast/broadcast forwarding.

show abstract

Mechanized Network Origin and Path Authenticity Proofs

Cited by 20 publications

References 39 publications

Formal Verification of Secure Forwarding Protocols

Formal Verification of Secure Forwarding Protocols

Cryptographic Protocols Specification and Verification Tools - A Survey

SDNsec: Forwarding Accountability for the SDN Data Plane

Contact Info

Product

Resources

About