Protocol Security Testing best practice
Upcoming SlideShare
Loading in...5
×
 

Protocol Security Testing best practice

on

  • 622 views

A way to do security testing on network protocol (DNS, TCP/IP etc) as fuzzy testing.

A way to do security testing on network protocol (DNS, TCP/IP etc) as fuzzy testing.

Statistics

Views

Total Views
622
Views on SlideShare
621
Embed Views
1

Actions

Likes
0
Downloads
7
Comments
0

1 Embed 1

http://www.linkedin.com 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Protocol Security Testing best practice Protocol Security Testing best practice Presentation Transcript

    • Liang Gao (lgao@sigma-rt.com)
    • 2 214-748-3647Most popularphone numberin US Largest 32 bitsigned number Store phonenumber in asigned 32 bitsand didn’t checkbuffer overflow
    • *Boundary value testing ensures properfunctionality at the boundary (or edges) orallowable data input. Boundary values includemaximum, minimum, just inside/outsideboundary, typical values, and error (malformedvalues).* Looking for problems in error handling, mainlyon protocol parsing code
    • 41. Value Boundary Testing2. Logic Boundary Testing3. Performance Boundary Testing
    • 6
    • 7*Create reasonable number of malformedpackets to cover all PDUs, all fields in PDUswith enough boundary values.*Individual fields boundary checkVary each field of PDU with boundary valuesCover all fields in a PDU*Combination fields boundary checkVary Multiple fields in a PDU with boundaryvalues the same time.
    • 10* Boundary Testing Test Case ExplosionTheoretically we want to test code against allpossible combinations with all values in a packet.* A minimum size OSPF Hello PDU along has 18fields, 234 bit long, totally 2234 possible packets.* OSPF protocol has 5 type of LSAs, 4 type of PDUs.* Almost impossible to cover.
    • 11Structured approach (major effort)Build Malformed Packet as smart as possible*For each field , we want to try at least 5 valuesMaximum value; Maximum value + 1 (if possible); Minimum valueMinimum value -1 (if possible); Invalid value*For a minimum size of OSPF Hello PDU, we want to test 8fields, totally 58 = 390,625 packets*Bounded to the best knowledge of a tester towards aprotocol*Conclusion – Protocol Fuzzing Tool + extensions
    • 12Un-Structured approach (supplement effort)Build as many packets as possible*Unstructured randomization Testing,randomize all fields in a PDU the same timeand test for a long period of time.*Simple, low effort, could be run at thebackground while working on the structuredapproach.*Not bounded to testers knowledge.Billion packets march?
    • 13
    • 141. Value Boundary Testing2. Logic Boundary Testing3. Performance Boundary Testing
    • 15
    • 16
    • 17*Most likely Protocol Dependent*Creative Attacking involved*An Attack Tree Structure Approachdraft-convery-bgpattack-01.txtdraft-jones-OSPF-vuln-01.txt
    • 18Setup the Atomic Goals* Compromise MD5 authentication* Establish unauthorized OSPF neighbor with a OSPF router* Originate unauthorized prefix into OSPF neighbor routetable* Change path preference of a prefix* Conduct denial/degradation of service against OSPF process* Tear down OSPF neighbor* Spoof/hijack a OSPF neighbor* Forge/Spoof OSPF LSA
    • 19Forge/Spoof LSA –Attack*Sequence Number ++ Attack*MaxAge Attack*MaxSeq Number Attack*Link State ID Attack*Max Age Different Attack*RFC State Machine Attack
    • 201. Value Boundary Testing2. Logic Boundary Testing3. Performance Boundary Testing
    • 21How box perform when protocol underattack?* CPU Usage (Process, Interrupt)* Transit Packet Loss* Latency* Attacked Interface Packet Transit Packet Loss* Memory Usage* Routing protocol convergence
    • 22
    • 23