Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations

Apr 06, 2016

Download: MP4 Video Size: 149.2MB  
Watch on YouTube

Abstract

Several newly emerged wireless technologies (e.g., Internet-of-Things)---extensively backed by the tech industry---are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities.

Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks---exploiting subtle vulnerabilities in the implementation---mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network.

Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards.

Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations.