Apr 06, 2016
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations"
Several newly emerged wireless technologies (e.g., Internet-of-Things)---extensively backed by the tech industry---are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities.
Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks---exploiting subtle vulnerabilities in the implementation---mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network.
Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards.
Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations.
About the Speaker
Endadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...