The new Internet Protocol securityipsec testing with TTCN-3

(1)

Outline IPsec Selected tools Test case implementation Comparison Summary

The new Internet Protocol security

IPsec testing with TTCN-3

Ariel Sabiguero 1,2 Mar´ıa Eugenia Corti1 C´esar Viho2

1_{Instituto de Computaci´}_{on, Facultad de Ingenier´ıa, Universidad de la Rep´}_ublica J. Herrera y Reissig 565, Montevideo, Uruguay

{asabigue,mcorti}@fing.edu.uy

2_{IRISA / Dionysos} Campus Universitaire de Beaulieu

35042 Rennes CEDEX, France

(2)

Outline

IPsec Selected tools Test case implementation Comparison Summary IPsec

Overview of relevant IPsec concepts General test description

Selected test case description

Selected tools

IRISA T3DevKit GNU crypto library

Test case implementation

Implementation alternatives CoDec based development

CoDec+ExtFunctions development

Comparison

Code engineering Test Specification Size Performance

(3)

Outline

IPsec

Selected tools Test case implementation Comparison Summary

Suite of security protocols

Authentication Encapsulating Security

Header (AH) Payload (ESP)

Connectionless

√

Integrity Data Origin

√

Authentication Access Control

√

Confidentiality

×

√

(4)

Outline

IPsec

Suite of security protocols

Connectionless

√

Confidentiality

×

√

(5)

Outline

IPsec

Suite of security protocols

Connectionless

√

Confidentiality

×

√

(6)

Outline

IPsec

Suite of security protocols

Connectionless

√

Confidentiality

×

√

(7)

Outline

IPsec

Set of cryptographic algorithms

Encryption algorithm I 3DES-CBC I NULL I AES-CBC I AES-CTR Authentication algorithm I HMAC-SHA1-96 I NULL I AES-XCBX-MAC-96

(8)

Outline

IPsec

Set of cryptographic algorithms

(9)

Outline

IPsec

Set of cryptographic algorithms

(10)

Outline

IPsec

Set of cryptographic algorithms

(11)

Outline

IPsec

Set of cryptographic algorithms

(12)

Outline

IPsec

Set of cryptographic algorithms

(13)

Outline

IPsec

Set of cryptographic algorithms

(14)

Outline

IPsec

IPsec modes

Client A Client B Network Transport mode Client A Client B Network Tunnel mode

(15)

Outline

IPsec

SPD and SA

Security Policy Database

I control IPsec traffic

I consulted for incoming and outgoing traffic

Security Association

I simplex ”connection” that affords security services to the traffic carried by it.

I each SA an entry in the SA Database (SAD)

(16)

Outline

IPsec

SPD and SA

(17)

Outline

IPsec

SPD and SA

(18)

Outline

IPsec

SPD and SA

(19)

Outline

IPsec

SPD and SA

(20)

Outline

IPsec

SPD and SA

(21)

Outline

IPsec

v6RL test suite coverage

I Tunnel and Transport mode

I A combination of authentication and encryption algorithms

I Only ESP

I Manual key configuration

(22)

Outline

IPsec

v6RL test suite coverage

I Only ESP

(23)

Outline

IPsec

v6RL test suite coverage

I Only ESP

(24)

Outline

IPsec

v6RL test suite coverage

I Only ESP

(25)

Outline

IPsec

v6RL test suite coverage

I Only ESP

(26)

Outline

IPsec

Test case 5.2.3

I Transport mode tested

I 3DES-CBC encryption algorithm I NULL authentication algorithm HOST1_Link1=PF1::1 NUT_Link0=PF0::some_address NUT ROUTER1 ROUTER1_Link1=PF1::f ROUTER1_Link0=PF0::f

(27)

Outline

IPsec

Test case 5.2.3

(28)

Outline

IPsec

Test case 5.2.3

(29)

Outline IPsec

Selected tools

Test case implementation Comparison Summary

T3DevKit & IPv6 ATS

Why ?

I Helper tool for implementing TA-PA, TRI-SA and TCI-CD

I Works in C++ environment, adequate for IPsec testing

I Existing IPv6 ATS enables code reuse (IPv6, ICMPv6, etc.)

(30)

Outline IPsec

Selected tools

T3DevKit & IPv6 ATS

Why ?

(31)

Outline IPsec

Selected tools

T3DevKit & IPv6 ATS

Why ?

(32)

Outline IPsec

Selected tools

T3DevKit & IPv6 ATS

Why ?

(33)

Outline IPsec

Selected tools

GNU crypto library

I General purpose cryptographic library

I Several cryptographic algorithms provided

I All IPsec cryptographic functions implemented

I Broad user base and examples on-line

(34)

Outline IPsec

Selected tools

GNU crypto library

(35)

Outline IPsec

Selected tools

GNU crypto library

(36)

Outline IPsec

Selected tools

GNU crypto library

(37)

Outline IPsec

Selected tools

GNU crypto library

(38)

Outline IPsec Selected tools

Comparison Summary

Implementation alternatives CoDec based development CoDec+ExtFunctions development

Test case engineering

I Just an ICMPv6 Echo Request and Echo Reply exchanged

I Simple message sequence

I Messages use 3DES-CBC encryption with PSK

I Complex assembly and disassembly

I Where to perform cryptographic operations?

I CoDec

(39)

Comparison Summary

Test case engineering

I CoDec

(40)

Comparison Summary

Test case engineering

I CoDec

(41)

Comparison Summary

Test case engineering

I CoDec

(42)

Comparison Summary

CoDec only Transmission

I ESP message modeled in TTCN-3

I Checksum and padding fields calculated in the CoDec

I Payload encrypted in the CoDec

(43)

Comparison Summary

CoDec only Transmission

(44)

Comparison Summary

CoDec only Transmission

(45)

Comparison Summary

CoDec only Reception

alt

//Receive the correct answer

[] Link1.receive(ICMPv6WithESP_EchoReply_AuthNULL (SPI_SA2, ’’O)) { setverdict(pass);

replyTimer.stop; } //Receive incorrect answer [] Link1.receive

{ setverdict(fail); replyTimer.stop; } //Receive no answer

(46)

Comparison Summary

CoDec only Reception

alt

replyTimer.stop; }

//Receive incorrect answer [] Link1.receive { setverdict(fail); replyTimer.stop; } //Receive no answer [] replyTimer.timeout { setverdict(fail); }

(47)

Comparison Summary

CoDec only Reception

alt

replyTimer.stop; } //Receive incorrect answer

[] Link1.receive

{ setverdict(fail); replyTimer.stop; }

//Receive no answer

(48)

Comparison Summary

CoDec+Ext Transmission

template ESPMessage ICMPv6ESPMessage (IPv6AddressType src, IPv6AddressType dst, octetstring m_spi, octetstring m_data, UInt16 checksum) := { SPI:= m_spi,

SeqNum := 1,

Payload := EncryptPayload(src, dst, EchoRequestType, m_data, checksum),

ICV :=omit }

(49)

Comparison Summary

CoDec+Ext Reception

alt{

//Receive correct answer, unverified encrypted payload [] Link1.receive(ICMPv6ESPMessage_Answer_AuthNULL

(PF0_1, PF1_1, SPI_SA2, DATA, checksum)) -> value Myvar { var bitstring encpayload := Myvar.Payload;

var UInt8 payloadLength := lengthof(encpayload)/8;

var EncPayload payload := DecriptPayload(encpayload, payloadLength); if (match(payload, ICMPv6EncPayload_Answer(PF0_1, PF1_1, DATA))) {

setverdict(pass); } else { setverdict(fail); } replyTimer.stop; }

//Receive incorrect answer [] Link1.receive { setverdict(fail); replyTimer.stop; } //Receive no answer [] replyTimer.timeout {

(50)

Comparison Summary

CoDec+Ext Reception

alt{

//Receive correct answer, unverified encrypted payload

[] Link1.receive(ICMPv6ESPMessage_Answer_AuthNULL

//Receive incorrect answer [] Link1.receive { setverdict(fail); replyTimer.stop; } //Receive no answer [] replyTimer.timeout { setverdict(fail); }

(51)

Comparison Summary

CoDec+Ext Reception

alt{

//Receive correct answer, unverified encrypted payload [] Link1.receive(ICMPv6ESPMessage_Answer_AuthNULL

//Receive incorrect answer

[] Link1.receive { setverdict(fail); replyTimer.stop; } //Receive no answer [] replyTimer.timeout {

(52)

Outline IPsec Selected tools Test case implementation

Comparison

Summary

Message transmission & reception

CoDec

I High ATS abstraction

(too much?)

I Increased CoDec

complexity

I Difficult code

factorization and reuse

External Functions

I More control from ATS

I CoDec just encode and

decode

I Software engineering

(53)

Comparison

Summary

Message transmission & reception

CoDec

(too much?)

I Increased CoDec

complexity

I Difficult code

External Functions

decode

(54)

Comparison

Summary

Message transmission & reception

CoDec

(too much?)

I Increased CoDec

complexity

I Difficult code

External Functions

decode

(55)

Comparison

Summary

Message transmission & reception

CoDec

(too much?)

I Increased CoDec

complexity

I Difficult code

External Functions

decode

(56)

Comparison

Summary

Message transmission & reception

CoDec

(too much?)

I Increased CoDec

complexity

I Difficult code

External Functions

decode

(57)

Comparison

Summary

Message transmission & reception

CoDec

(too much?)

I Increased CoDec

complexity

I Difficult code

External Functions

decode

(58)

Comparison

Summary

loc

based metrics

100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 C++ CoDecs C++ Ext Functions TTCN-3 Accessory TTCN-3 Testcase L in e s o f C o d e

(59)

Comparison

Summary

Performance

I Every time an external function is invoked, encode and decode

operations on the CoDec are invoked

I External functions based approach requires 4 external function invocations.

I Not relevant in conformance or interoperability testing, but might be critical for other test paradigms.

(60)

Comparison

Summary

Performance

(61)

Comparison

Summary

Performance

(62)

Outline IPsec Selected tools Test case implementation Comparison

Summary

Final remarks

I Ongoing research for more thorough analysis

I Both methodologies are valid and applicable, with consistent

results

I Excessively complex CoDec development diverges from

TTCN-3 philosophy

I When performance degradation is allowed, external functions

(63)

Summary

Final remarks

results

TTCN-3 philosophy

(64)

Summary

Final remarks

results

TTCN-3 philosophy

(65)

Summary

Final remarks

results

TTCN-3 philosophy

(66)

Summary

Thank you for your time

Questions?

http://www.irisa.fr/tipi/publi/t3uc2007paper.pdf