A Formal Analysis of SCTP: Attack Synthesis and Patch Verification (2403.05663v1)
Abstract: SCTP is a transport protocol offering features such as multi-homing, multi-streaming, and message-oriented delivery. Its two main implementations have been subjected to conformance tests using the PacketDrill tool. Conformance testing is not exhaustive, however, and a recent vulnerability (CVE-2021-3772) showed that SCTP is not immune to attacks. Changes addressing the vulnerability were implemented, but the question remains whether other flaws persist in the protocol design. We study the security of the SCTP design, taking a rigorous approach rooted in formal methods. We create a formal Promela model of SCTP and define 10 properties capturing the essential protocol functionality, based on the RFC specification and consultation with the lead RFC author. We then show, using the Spin model checker, that our model satisfies these properties. We define 4 attacker models: Off-Path, where the attacker is an outsider that can spoof the IP address and port of a peer; Evil-Server, where the attacker is a malicious peer; Replay, where the attacker can capture and replay, but not modify, packets; and On-Path, where the attacker controls the channel between the peers. We modify Korg, an attack synthesis tool designed for transport protocols, to support our SCTP model and the four attacker models. We synthesize 14 unique attacks across the attacker models: the CVE vulnerability in the Off-Path model, 4 attacks in the Evil-Server model, an opportunistic ABORT attack in the Replay model, and 8 connection-manipulation attacks in the On-Path model. We show that the proposed patch eliminates the vulnerability and, according to our model and protocol properties, does not introduce new ones. Finally, we identify and analyze an ambiguity in the RFC that can be interpreted insecurely. We propose an erratum and show that it eliminates the ambiguity.
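The following Python sketch is an added illustration of the attack-synthesis setup described in the abstract; it is not code from the paper (which uses a Promela model, Spin and a modified Korg) and it does not reproduce the CVE-2021-3772 trace. It shows the three ingredients the approach combines: a small endpoint model, a property to check, and attacker models that differ only in what the attacker knows, explored exhaustively by a breadth-first search standing in for the model checker. The endpoint, the verification-tag values, the attacker knowledge sets and the "lax" endpoint variant are all constructed assumptions; the "strict" variant follows the RFC 4960 section 8.5.1 rule that an ABORT is accepted only if its verification tag equals the receiver's own tag (T bit clear) or the receiver's peer tag (T bit set), and is silently discarded otherwise.

```python
"""Toy attack synthesis in the style of the approach described above.

Everything here is constructed for illustration: the endpoint model, the
verification-tag values, the attacker knowledge sets and the 'lax' variant
are assumptions, not the paper's Promela model or the CVE-2021-3772 trace.
"""
from collections import deque
from dataclasses import dataclass, replace
from typing import Callable, Iterable, Optional, Tuple

# Two of the RFC 4960 association states; enough for the ABORT property.
CLOSED, ESTABLISHED = "CLOSED", "ESTABLISHED"


@dataclass(frozen=True)
class Endpoint:
    state: str
    my_vtag: int    # tag the peer must carry in packets sent to us
    peer_vtag: int  # tag we carry in packets sent to the peer
    strict: bool    # True: enforce the RFC 4960 section 8.5.1 ABORT tag rule


@dataclass(frozen=True)
class Chunk:
    kind: str       # only "ABORT" is modelled in this toy
    vtag: int       # verification tag from the SCTP common header
    t_bit: bool     # ABORT T bit: tag is the sender's own (reflected) tag


def deliver(ep: Endpoint, chunk: Chunk) -> Endpoint:
    """Endpoint transition on receiving one chunk (spoofed or genuine).

    Strict endpoints accept an ABORT only if the tag equals their own tag
    (T bit clear) or their peer's tag (T bit set), per RFC 4960 8.5.1;
    anything else is silently discarded. The lax variant (an assumed
    insecure reading, not the paper's) tears the association down on any ABORT.
    """
    if chunk.kind != "ABORT" or ep.state != ESTABLISHED:
        return ep
    if ep.strict:
        expected = ep.peer_vtag if chunk.t_bit else ep.my_vtag
        if chunk.vtag != expected:
            return ep
    return replace(ep, state=CLOSED)


def attacker_actions(known_tags: Iterable[int]) -> Tuple[Chunk, ...]:
    """Attacker injects ABORTs carrying only tags it knows. IP/port spoofing is
    implicit: the endpoint cannot tell attacker packets from the peer's."""
    return tuple(Chunk("ABORT", v, t) for v in sorted(known_tags) for t in (False, True))


def synthesize(ep0: Endpoint, actions: Tuple[Chunk, ...],
               bad: Callable[[Endpoint], bool],
               max_depth: int = 3) -> Optional[Tuple[Chunk, ...]]:
    """Breadth-first search over attacker action sequences (a tiny stand-in
    for the model checker). Returns the shortest attacker trace that drives
    the endpoint into a `bad` state, or None if the property holds within
    max_depth steps."""
    frontier = deque([(ep0, ())])
    seen = {ep0}
    while frontier:
        ep, trace = frontier.popleft()
        if bad(ep):
            return trace
        if len(trace) >= max_depth:
            continue
        for a in actions:
            nxt = deliver(ep, a)
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, trace + (a,)))
    return None


# Assumed tag values for the association under attack.
MY_VTAG, PEER_VTAG = 0x1111, 0x2222
# Off-Path: spoofs IP/port but never saw the handshake, so it knows no real tag.
OFF_PATH_KNOWLEDGE = frozenset({0, 0xDEAD})
# On-Path: observed the channel, so it also knows both real tags.
ON_PATH_KNOWLEDGE = OFF_PATH_KNOWLEDGE | {MY_VTAG, PEER_VTAG}


def torn_down(ep: Endpoint) -> bool:
    """Property violation: the association left ESTABLISHED without any peer action."""
    return ep.state == CLOSED


def run(strict: bool, knowledge: Iterable[int]) -> Optional[Tuple[Chunk, ...]]:
    """Synthesize an attack against a fresh ESTABLISHED association."""
    ep0 = Endpoint(ESTABLISHED, MY_VTAG, PEER_VTAG, strict)
    return synthesize(ep0, attacker_actions(knowledge), torn_down)


if __name__ == "__main__":
    for strict in (True, False):
        for name, know in (("Off-Path", OFF_PATH_KNOWLEDGE), ("On-Path", ON_PATH_KNOWLEDGE)):
            print(f"strict={strict} {name}: {run(strict, know)}")
```

Running the search on the strict endpoint against the Off-Path knowledge set finds no trace (the property holds), the lax endpoint falls to the first guessed tag, and the On-Path set breaks even the strict endpoint with a correctly tagged ABORT, which is why the abstract distinguishes the four attacker models rather than asking a single "is SCTP secure" question. The real model must of course cover the full state machine, all chunk types and both peers; this toy only shows the shape of the problem.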
References:
- PacketDrill. https://github.com/nplab/packetdrill/tree/master. Commit 7f3daabd7feed2b18b958e870f973fec92879d98. Accessed 31 July 2023.
- Linux SCTP implementation (net/sctp). https://github.com/torvalds/linux/tree/master/net/sctp. Accessed 15 March 2023.
- User Datagram Protocol. RFC 768, Aug. 1980.
- sctp(4) manual page, FreeBSD 7.0-RELEASE. https://man.freebsd.org/cgi/man.cgi?query=sctp&sektion=4&manpath=FreeBSD+7.0-RELEASE, 2006. Accessed 1 May 2023.
- Data communication. WebRTC for the Curious, https://webrtcforthecurious.com/docs/07-data-communication/, November 2022. Accessed 31 July 2023.
- Toward formally verifying congestion control behavior. In Proceedings of the 2021 ACM SIGCOMM Conference (2021), pp. 1–16.
- A formal analysis of 5G authentication. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (2018), pp. 1383–1396.
- The EMV standard: Break, fix, verify. In 2021 IEEE Symposium on Security and Privacy (SP) (2021), IEEE, pp. 1766–1781.
- Bellovin, S. M. Security problems in the TCP/IP protocol suite. ACM SIGCOMM Computer Communication Review 19, 2 (1989), 32–48.
- Ben Henda, N. Generic and efficient attacker models in SPIN. In Proceedings of the 2014 International SPIN Symposium on Model Checking of Software (2014), pp. 77–86.
- Verified models and reference implementations for the TLS 1.3 standard candidate. In 2017 IEEE Symposium on Security and Privacy (SP) (2017), IEEE, pp. 483–502.
- A formal treatment of accountable proxying over TLS. In 2018 IEEE Symposium on Security and Privacy (SP) (2018), IEEE, pp. 799–816.
- Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends® in Privacy and Security 1, 1-2 (2016), 1–135.
- PacketDrill: Scriptable network stack testing, from sockets to packets. In 2013 USENIX Annual Technical Conference (USENIX ATC 13) (2013), pp. 213–218.
- Stream Control Transmission Protocol (SCTP) Specification Errata and Issues. RFC 4460, Apr. 2006.
- Performance evaluation of the Stream Control Transmission Protocol. In MELECON 2006: IEEE Mediterranean Electrotechnical Conference (2006), IEEE, pp. 781–784.
- A comprehensive symbolic analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017), pp. 1773–1788.
- On the security of public key protocols. IEEE Transactions on Information Theory 29, 2 (1983), 198–208.
- Eddy, W. Transmission Control Protocol (TCP). RFC 9293, Aug. 2022.
- Automata-based automated detection of state machine bugs in protocol implementations. In NDSS (2022).
- Datagram Congestion Control Protocol (DCCP). RFC 4340, Mar. 2006.
- Performance modeling of SCTP multihoming. In GLOBECOM '05: IEEE Global Telecommunications Conference (2005), vol. 2, IEEE, 6 pp.
- AllenNLP: A deep semantic natural language processing platform. arXiv preprint arXiv:1803.07640 (2018).
- A formal analysis of ISO/IEEE P11073-20601 standard of medical device communication. In 2009 3rd Annual IEEE Systems Conference (2009), IEEE, pp. 163–166.
- Gont, F. ICMP Attacks against TCP. RFC 5927, July 2010. https://datatracker.ietf.org/doc/rfc5927/.
- Questions on rfc4960 abort init tag equal 0 in init msg and manditory info less than 20 bytes. tsvwg mailing list, https://mailarchive.ietf.org/arch/msg/tsvwg/nna1IVrRIKPBKOwmv5JC3X5UQSA/. Accessed 5 February 2024.
- TCP/IP security threats and attack methods. Computer Communications 22, 10 (1999), 885–897.
- Holzmann, G. J. The model checker SPIN. IEEE Transactions on Software Engineering 23, 5 (1997), 279–295.
- Holzmann, G. J. Redundant software (and hardware) ensured Curiosity reached its destination and functioned as its designers intended. Communications of the ACM (Feb. 2014).
- Automating software feature verification. Bell Labs Technical Journal 5, 2 (2000), 72–87.
- Automated attack discovery in TCP congestion control using a model-guided approach. In NDSS (2018).
- Leveraging textual specifications for grammar-based fuzzing of network protocols. In Proceedings of the AAAI Conference on Artificial Intelligence (2019), vol. 33, pp. 9478–9483.
- Khot, I. A smaller, faster video calling library for our apps. https://engineering.fb.com/2020/12/21/video-engineering/rsys/, December 2020. Accessed 31 July 2023.
- Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (2017), IEEE, pp. 435–450.
- What's new in the Remote Desktop WebRTC Redirector Service. https://learn.microsoft.com/en-us/azure/virtual-desktop/whats-new-webrtc, April 2023. Accessed 31 July 2023.
- Long, X. SCTP enhancements for the verification tag. Linux kernel commit 32f8807a48ae55be0e76880cfe8607a18b5bb0df, https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df, October 2021. Accessed 5 February 2024.
- Modelagem e análise formal de algumas funcionalidades de um protocolo de transporte através das redes de Petri [Formal modeling and analysis of some functionalities of a transport protocol using Petri nets]. https://docplayer.com.br/146114380-Modelagem-e-analise-formal-de-algumas-funcionalidades-de-um-protocolo-de-transporte-atraves-das-redes-de-petri.html. Accessed 2 August 2023.
- Synthesis of winning attacks on communication protocols using supervisory control theory: Two case studies. Discrete Event Dynamic Systems (2022), 1–38.
- Formal specification and testing of QUIC. In Proceedings of the ACM Special Interest Group on Data Communication (SIGCOMM) (2019), pp. 227–240.
- The Tamarin prover for the symbolic analysis of security protocols. In Computer Aided Verification: 25th International Conference, CAV 2013, Saint Petersburg, Russia, July 13–19, 2013, Proceedings (2013), Springer, pp. 696–701.
- The 5G key-establishment stack: In-depth formal verification and experimentation. In Proceedings of the 2022 ACM Asia Conference on Computer and Communications Security (2022), pp. 237–251.
- Model checking large network protocol implementations. In NSDI (2004), vol. 4, p. 12.
- Automated attack synthesis by extracting finite state machines from protocol specification documents. In 2022 IEEE Symposium on Security and Privacy (SP) (2022), IEEE, pp. 51–68.
- Practical EMV relay protection. In 2022 IEEE Symposium on Security and Privacy (SP) (2022), IEEE, pp. 1737–1756.
- Red Hat, Inc. CVE-2021-3772 Detail. National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2021-3772. Accessed 15 March 2023.
- Rescorla, E. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446, Aug. 2018.
- The Datagram Transport Layer Security (DTLS) Protocol Version 1.3. RFC 9147, Apr. 2022. https://www.rfc-editor.org/rfc/rfc9147.
- SCTP support in the INET framework and its analysis in the Wireshark packet analyzer. In Multihomed Communication with SCTP (Stream Control Transmission Protocol). CRC Press, 2012, pp. 175–202.
- Evaluating the Stream Control Transmission Protocol using Uppaal. arXiv preprint arXiv:1703.06568 (2017).
- Analysis of a denial of service attack on TCP. In Proceedings, 1997 IEEE Symposium on Security and Privacy (1997), IEEE, pp. 208–223.
- Stewart, R. (Ed.). Stream Control Transmission Protocol. RFC 4960, Sept. 2007. https://www.rfc-editor.org/rfc/rfc4960. Accessed 23 February 2023.
- Security Attacks Found Against the Stream Control Transmission Protocol (SCTP) and Current Countermeasures. RFC 5062, Sept. 2007. https://datatracker.ietf.org/doc/html/rfc5062.
- SCTP: What is it, and how to use it? In Proceedings of BSDCan: The Technical BSD Conference (2008).
- Stream Control Transmission Protocol. RFC 9260, June 2022. https://www.rfc-editor.org/rfc/rfc9260. Accessed 15 March 2023.
- Stream Control Transmission Protocol. RFC 2960, Oct. 2000. https://www.rfc-editor.org/rfc/rfc2960. Accessed 15 March 2023.
- Vanit-Anunchai, S. Towards formal modelling and analysis of SCTP connection management. In Proceedings of the Ninth Workshop and Tutorial on Practical Use of Coloured Petri Nets and the CPN Tools (2008).
- Vanit-Anunchai, S. Validating SCTP simultaneous open procedure. In Fundamentals of Software Engineering: 5th International Conference, FSEN 2013, Tehran, Iran, April 24–26, 2013, Revised Selected Papers (2013), Springer, pp. 233–249.
- An automata-theoretic approach to automatic program verification. In Proceedings of the 1st Symposium on Logic in Computer Science (LICS) (1986), IEEE Computer Society.
- Vass, J. How Discord handles two and half million concurrent voice users using WebRTC. https://discord.com/blog/how-discord-handles-two-and-half-million-concurrent-voice-users-using-webrtc, September 2018. Accessed 31 July 2023.
- A formal analysis of Karn's algorithm. In International Conference on Networked Systems (2023), Springer, pp. 43–61.
- Automated attacker synthesis for distributed protocols. In Computer Safety, Reliability, and Security: 39th International Conference, SAFECOMP 2020, Lisbon, Portugal, September 16–18, 2020, Proceedings (2020), Springer, pp. 133–149.
- Modeling and verification of SCTP association management based on colored Petri nets. In 2008 ISECS International Colloquium on Computing, Communication, Control, and Management (2008), vol. 1, IEEE, pp. 379–383.
- Formal model-driven discovery of Bluetooth protocol design vulnerabilities. In 2022 IEEE Symposium on Security and Privacy (SP) (2022), IEEE, pp. 2285–2303.
- The Secure Shell (SSH) Transport Layer Protocol. RFC 4253, Jan. 2006. https://www.rfc-editor.org/rfc/rfc4253.
- Throughput models for SCTP with parallel subflows. Computer Networks 50, 13 (2006), 2160–2182.