Conformance test suite for implementations of the security protocol suite IPsec v2
Abstract
The paper presents conformance test suite for new Internet Protocol Security Suite IPsec v2. The test suite was constructed by means of the UniTESK automated testing technology and its implementation, CTESK toolkit.
The work was done in the Institute for System Programming of RAS within “Verification of security functions of the next generation protocol IPsec v2” supported by RFBR grant 07-07-00243. The project included elicitation of requirements for implementations, development of formal specification and prototype test suite for IPsec v2 including the protocol of key exchange IKE v2. The paper discusses the method of formalization of IPsec v2 requirements, test suite development process, and results of test suite application to the existing implementations. The application shows that the method presented in the paper allows for construction for efficient testing automation for such complex protocols like security protocols.
The work was done in the Institute for System Programming of RAS within “Verification of security functions of the next generation protocol IPsec v2” supported by RFBR grant 07-07-00243. The project included elicitation of requirements for implementations, development of formal specification and prototype test suite for IPsec v2 including the protocol of key exchange IKE v2. The paper discusses the method of formalization of IPsec v2 requirements, test suite development process, and results of test suite application to the existing implementations. The application shows that the method presented in the paper allows for construction for efficient testing automation for such complex protocols like security protocols.
About the Authors
A. V. Nikeshin
ISP RAS, Moscow
Russian Federation
Russian Federation
N. V. Pakulin
ISP RAS, Moscow
Russian Federation
Russian Federation
V. Z. Shnitman.
ISP RAS, Moscow
Russian Federation
Russian Federation
References
1. RFC4301 S. Kent, K. Seo. Security Architecture for the Internet Protocol December 2005
2. RFC4302 S. Kent. IP Authentication Header S. Kent December
3. RFC4303 S. Kent. IP Encapsulating Security Payload (ESP) December 2005
4. RFC4306 C. Kaufman, Ed. Internet Key Exchange (IKEv2) Protocol December 2005
5. RFC4307 J. Schiller. Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) December 2005
6. RFC4807 M. Baer, R. Charlet, W. Hardaker, R. Story, C. Wang. IPsec Security Policy Database Configuration MIB March 2007
7. RFC4868 S. Kelly, S. Frankel. Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec May 2007
8. Bourdonov, I., Kossatchev, A., Kuliamin, V., Petrenko, A. UniTesK Test Suite Architecture // Proceedings of FME, LNCS 2391. Springer-Verlag, 2002. P. 77-88.
9. CTesK 2.1: SeC Language Reference. М.: ИСП РАН, 2005. 167 с.
10. Н.В. Пакулин. Формализация стандартов и тестовых наборов протоколов Интернета. Автореферат диссертации на соискание учёной степени кандидата физико-математических наук. Москва, 2006.
11. Н.В. Пакулин, А.В. Хорошилов "Разработка формальных моделей и тестирование соответствия для систем с асинхронными интерфейсами и телекоммуникационных протоколов", Журнал "Программирование" № 5, 2007 г., ISSN 0132-3474, с. 1-29.
12. IETF RFC 2223. J. Postel, J. Reynolds. Instructions to RFC Authors. IETF, 1997. 20 с.
13. IETF BCP 14 | IETF RFC 2119. S. Bradner. Key words for use in RFCs to Indicate Requirement Levels. IETF, 1997. 3 с.
14. IETF RFC 1213. K. McCloghrie, M. T. Rose. Management Information Base for Network Management of TCP/IP-based internets: MIB-II. March 1991.
15. IETF RFC 2011 K. McCloghrie, Ed. SNMPv2 Management Information Base for the Internet Protocol using SMIv2. November 1996.
16. IETF RFC 1831. R. Srinivasan. RPC: Remote Procedure Call Protocol Specification Version 2, 1995.
17. IETF RFC 1832. R. Srinivasan, XDR: External Data Representation Standard, 1995.
Review
For citations:
Nikeshin A.V., Pakulin N.V., Shnitman. V.Z. Conformance test suite for implementations of the security protocol suite IPsec v2. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2010;18. (In Russ.)
Email this article 