CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Finding Specification Noncompliance and Attacks in Wireless Network Protocol Implementations

Endadul Hoque

Endadul Hoque

Apr 06, 2016

Size: 149.2MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Several newly emerged wireless technologies (e.g., Internet-of-Things)---extensively backed by the tech industry---are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies utilize several communication protocols that usually have stringent requirements stated in their specifications or standards, which their implementations are expected to comply with. Noncompliance exhibited by an implementation can cause interoperability issues, inconsistent behavior, or even security vulnerabilities.

Automatically detecting whether a protocol implementation is noncompliant with a given property is a long-standing and challenging problem. Moreover, lack of robustness in a protocol implementation to malicious attacks---exploiting subtle vulnerabilities in the implementation---mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network.

Given the stake associated with these wireless technologies, the requirement to ensure secure and reliable operations of the protocol implementations calls for pre-deployment measures. In this talk, I will focus on fortifying these emerging technologies along two dimensions. I will first present an automated framework that enables a developer to check whether a protocol implementation violates its desired properties derived from its specifications and standards.

Finally, I will present an automated adversarial testing platform to help developers find malicious attacks that impair the performance of their protocol implementations.

About the Speaker

Endadul Hoque is a Postdoctoral Research Associate at Northeastern University working with Prof. Cristina Nita-Rotaru and a visiting scholar at Purdue University. He received his PhD in computer science from Purdue University in 2015. His research interests include reliability and security of network protocols and distributed systems. In particular, his approach involves building efficient techniques to automate compliance checking and testing of network protocol implementations and distributed systems in the presence of failures and/or malicious attacks. During his PhD, he was awarded the Graduate Teaching Fellowship in 2014 and the Bilsland Dissertation Fellowship in 2015 to support his dissertation work.


Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.