Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations
Apr 06, 2016Size: 149.2MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractSeveral newly emerged wireless technologies (e.g., Internet-of-Things)---extensively backed by the tech industry---are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities.
Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks---exploiting subtle vulnerabilities in the implementation---mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network.
Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards.
Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations.
About the SpeakerEndadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.