
Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)


Conformance testing of Extensible Authentication Protocol implementations

https://doi.org/10.15514/ISPRAS-2018-30(6)-5

Abstract

The paper presents a model-based approach to conformance testing of Extensible Authentication Protocol (EAP) implementations. Conformance testing is the basic tool for ensuring interoperability between implementations of a protocol. Using UniTESK technology allows the verification of network protocols to be automated on the basis of their formal models. Applying mutation testing in addition allows evaluating the robustness of the implementations when they receive incorrect packets. We applied the test suite to several implementations of EAP and present brief results. This approach has proved effective in finding several critical vulnerabilities and other specification deviations in the EAP implementations.
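As an added illustration of the robustness check the abstract describes (example code, not the paper's own test suite): a strict parser for the EAP packet header defined in RFC 3748, applied to a constructed EAP-Request/Identity packet and to a few constructed mutations of it, of the kind a mutation-testing pass would send, to confirm that each malformed packet is rejected cleanly rather than accepted.

```python
import struct

# EAP header per RFC 3748 section 4: Code(1) Identifier(1) Length(2) [Type(1) Type-Data]
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


class EapError(ValueError):
    """Raised for any packet that deviates from the RFC 3748 header rules."""


def parse_eap(data: bytes) -> dict:
    """Strictly parse one EAP packet; reject rather than guess on malformed input."""
    if len(data) < 4:
        raise EapError("shorter than the 4-octet header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if code not in EAP_CODES:
        raise EapError(f"unknown Code {code}")
    if length < 4 or length > len(data):
        raise EapError(f"Length {length} inconsistent with {len(data)} received octets")
    body = data[4:length]  # octets beyond Length are padding and are ignored
    pkt = {"code": EAP_CODES[code], "id": ident, "length": length}
    if code in (1, 2):
        if not body:
            raise EapError("Request/Response must carry a Type octet")
        pkt["type"] = body[0]
        pkt["type_data"] = body[1:]
    elif body:
        raise EapError("Success/Failure must have Length 4")
    return pkt


def mutate(packet: bytes) -> dict:
    """Constructed mutations of a valid packet, each breaking one header rule."""
    return {
        "truncated": packet[:3],
        "bad_code": bytes([0]) + packet[1:],
        "length_too_big": packet[:2] + struct.pack("!H", len(packet) + 10) + packet[4:],
        "length_below_min": packet[:2] + struct.pack("!H", 3) + packet[4:],
        "no_type": packet[:2] + struct.pack("!H", 4) + packet[4:],  # Length hides the Type
    }


def robustness_report(packet: bytes) -> dict:
    """Map each mutation name to True when the parser rejected it with EapError."""
    result = {}
    for name, mutant in mutate(packet).items():
        try:
            parse_eap(mutant)
            result[name] = False  # accepted a malformed packet: a finding
        except EapError:
            result[name] = True
    return result


# Constructed sample: EAP-Request/Identity, Identifier 1, Length 5, Type 1 (Identity)
REQUEST_IDENTITY = bytes.fromhex("01010005" "01")
```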

About the Authors

A. V. Nikeshin
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation


V. Z. Shnitman
Ivannikov Institute for System Programming of the Russian Academy of Sciences; Moscow Institute of Physics and Technology (State University)
Russian Federation


References

1. IETF RFC 3748. B. Aboba, et al. Extensible Authentication Protocol (EAP). June 2004. Available at: https://tools.ietf.org/html/rfc3748, accessed 01.12.2018.

2. IETF RFC 3579. B. Aboba and P. Calhoun. RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP). September 2003. Available at: https://tools.ietf.org/html/rfc3579, accessed 01.12.2018.

3. Bourdonov I., Kossatchev A., Kuliamin V., and Petrenko A. UniTesK Test Suite Architecture. Proceedings of FME 2002. LNCS 2391, 2002, pp. 77-88.

4. Nikeshin A.V., Shnitman V.Z. The review of Extensible Authentication Protocol and its methods. Trudy ISP RAN/Proc. ISP RAS, vol. 30, issue 2, 2018, pp. 113-148 (in Russian). DOI: 10.15514/ISPRAS-2018-30(2)-7.

5. IETF RFC 4186. Haverinen and Salowey. Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). January 2006. Available at: https://tools.ietf.org/html/rfc4186, accessed 01.12.2018.

6. IEEE Standard 802.1X-2010. IEEE Standard for Local and metropolitan area networks: Port-Based Network Access Control, 2010.

7. JavaTESK. Available at: http://www.unitesk.ru/content/category/5/25/60/, accessed 01.12.2018.

8. FreeRADIUS. Available at: http://freeradius.org, accessed 01.12.2018.

9. Clearbox Enterprise Server. Available at: http://xperiencetech.com/, accessed 01.12.2018.

10. TekRADIUS. Available at: https://www.kaplansoft.com/tekradius/, accessed 01.12.2018.

11. Windows Server 2012 R2. Available at: https://www.microsoft.com/, accessed 01.12.2018.

12. IETF RFC 4187. Arkko and Haverinen. Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA). January 2006. Available at: https://tools.ietf.org/html/rfc4187/, accessed 01.12.2018.

13. IETF RFC 5448. Arkko, et al. Improved Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA'). May 2009. Available at: https://tools.ietf.org/html/rfc5448/, accessed 01.12.2018.

14. European Telecommunications Standards Institute, GSM Technical Specification GSM 03.20 (ETS 300 534): Digital cellular telecommunication system (Phase 2); Security related network functions, August 1997.

15. Microsoft Corporation. [MS-PEAP]: Protected Extensible Authentication Protocol (PEAP). December 2017. Available at: https://msdn.microsoft.com/en-us/library/cc238354.aspx, accessed 01.12.2018.

16. IETF RFC 5281. Funk and Blake-Wilson. Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0). August 2008. Available at: https://tools.ietf.org/html/rfc5281/, accessed 01.12.2018.

17. IETF RFC 4851. Cam-Winget, et al. The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST). May 2007. Available at: https://tools.ietf.org/html/rfc4851/, accessed 01.12.2018.

18. IETF RFC 7170. Zhou, et al. Tunnel Extensible Authentication Protocol (TEAP) Version 1. May 2014. Available at: https://tools.ietf.org/html/rfc7170.

19. IETF RFC 5246. Dierks, T. and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. August 2008. Available at: https://tools.ietf.org/html/rfc5246/, accessed 01.12.2018.



For citations:


Nikeshin A.V., Shnitman V.Z. Conformance testing of Extensible Authentication Protocol implementations. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2018;30(6):89-104. (In Russ.) https://doi.org/10.15514/ISPRAS-2018-30(6)-5



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)