Tracking vulnerabilities in network protocols

What does your work involve? 

Our research focuses on network protocols and their implementation on various machines. These protocols are governed by standards whose technical specifications are not always rigorous. This leaves room for vulnerabilities and security bugs. We seek to identify these vulnerabilities, particularly in protocols such as TLS and SSH, and we work with their developers to have them corrected. 

How do you go about this? 

By black-box testing open-source protocol stacks. In other words, we interact with these implementations by inference—that is, by triggering a chain of behaviors based on the requests we submit to them and the results they return—without studying their source code. The goal is to understand how they work and, more specifically, the mechanics of their state machine (editor's note: a mathematical model representing the behavior of the program).

To do this, we develop our own state machine, which is the cornerstone of our work. It sends a series of messages to the implementation under study, which allows us to acquire a large amount of data and model its behavior. We then analyze this model and identify its vulnerabilities. We then confirm these bugs with the developers and propose fixes.

What has your work revealed?

Server identity theft is one of the most common vulnerabilities that our state machine has been able to reveal in open source network implementations. For example, within the SSH protocol (a tool for remotely administering machines), we were able to bypass the sequence of messages through which the server identifies itself to the network client. The client is then convinced that it can transmit its sensitive data securely. We also showed that message loops freeze certain protocols and render servers unusable.

What are the possible applications of your research? 

The main aim is to report vulnerabilities that have appeared over successive versions to the developers of a network protocol. Certain behaviors that were not problematic at a given moment in time become problematic later on, particularly due to imprecise standards. Applications are affected by an accumulation of updates that ultimately impair their proper functioning. The OpenSSL implementation of the TLS protocol, which secures a large part of the web, was affected by this technical debt phenomenon a few years ago. Several major vulnerabilities were publicized, and significant human resources were allocated to cleaning up its state machine. 

Today, the maintenance of free software is taken seriously, and we are doing our part to contribute to this effort. Thanks to our tools, developers can study changes in the behavior of an implementation when an update is due. The code is better understood, simplified, and stabilized before the version upgrade. 

The stakes are high because many economic players implement these protocols on their networks. In the defense sector, for example, systems integrate certain critical protocols such as TLS, SSH, and OPC-UA, which we have studied. In this same sector, our state machine technique is applied to “off-the-shelf” protocols in order to understand how they work (reverse engineering) and to strengthen confidence in them before they are used. 

What are your current projects?

Olivier Levillain has been a lecturer in information systems security at Télécom SudParis since 2018. Previously, he was head of the ISS training center at the French National Cybersecurity Agency (ANSSI). He has also worked in the laboratories of ANSSI's expertise sub-division on a variety of topics ranging from attacks on low-level mechanisms in hardware architectures to key management infrastructures. His current research focuses on the analysis of network protocol implementations such as TLS and SSH, as well as the reliable reproduction of software vulnerabilities in Linux environments.

>> Olivier Levillain on Google Scholar

>> Olivier Levillain's Télécom SudParis webpage

>> Olivier Levillain's personnal webpage