Open AccessJournal Article
Rigorous specifications of the SSH Transport Layer
Erik Poll,Aleksy Schubert +1 more
TLDR
This document presents (semi-)formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.Abstract:
This document presents (semi-)formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describe a source code review of OpenSSH, the leading implementation of SSH, using these specifications. Our specifications, in the form of finite state machines, are at a different level of abstraction that the typical formal descriptions used to study security protocols. Our motivation is to understand actual implementations of SSH, so we try to capture some of the details from the official (informal) specification that are irrelevant to the security of the abstract protocol, but which do complicate the implementation. Our specifications should be useful to anyone trying to understand or implement SSH. First versions of our specifications were developed for the formal verification of a Java implementation of SSH [17].read more
Citations
More filters
Proceedings ArticleDOI
Model learning and model checking of SSH implementations
Paul Fiterau-Brostean,Toon Lenaerts,Erik Poll,Joeri de Ruiter,Frits W. Vaandrager,Patrick Verleg +5 more
TL;DR: This work applies model learning on three SSH implementations to infer state machine models, and uses model checking to verify that these models satisfy basic security properties and conform to the RFCs.
Dissertation
Active Model Learning for the Analysis of Network Protocols
TL;DR: In order to learn an over-approximation of a “large” Mealy machine M, a transducer is placed in between the teacher and the learner, which translates concrete inputs in I to abstract inputs in X, concrete outputs in O to abstract outputs in Y, and vice versa.
Proceedings ArticleDOI
Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws
TL;DR: The possibility to automatically infer formal specifications of input languages, in the form of protocol state machines, from implementations by black box testing is discussed, to improve the situation of poorly specified input languages.
References
More filters
Internet Protocol
TL;DR: Along with TCP, IP represents the heart of the Internet protocols and has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of data links to support data links with different maximum transmission unit (MTU) sizes.
The Secure Shell (SSH) Protocol Architecture
Tatu Ylonen,Chris Lonvick +1 more
TL;DR: This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents, and discusses the SSH algorithm naming system that allows local extensions.
Journal ArticleDOI
Automated Security Protocol Analysis With the AVISPA Tool
TL;DR: Experimental results indicate that the AVISPA Tool is a state-of-the-art tool for Internet security protocol analysis as, to the authors' knowledge, no other tool exhibits the same level of scope and robustness while enjoying the same performance and scalability.