Abstract
This paper describes the generation of tests that check whether implementations of the Extensible Authentication Protocol (EAP) and its methods conform to the Internet specifications. The project is based on the UniTESK technology, which automates the verification of network protocols using their formal models, and on its extension JavaTesK, which implements UniTESK in Java. The additional use of mutation testing techniques makes it possible to test the robustness of a protocol implementation against corrupted messages. This approach proved effective in finding a number of critical vulnerabilities and other deviations from the EAP specifications in some implementations.
Funding
This work was supported by the Russian Foundation for Basic Research, project no. 16-07-00603, "Verification of Security of the Authentication Protocol EAP and Evaluation of Its Stability under Attacks."
Additional information
Translated by A. Klimontovich
About this article
Cite this article
Nikeshin, A.V., Shnitman, V.Z. Testing the Conformance of Implementations of the EAP Protocol and Its Methods to Internet Specifications. Program Comput Soft 45, 417–423 (2019). https://doi.org/10.1134/S0361768819070090
DOI: https://doi.org/10.1134/S0361768819070090