Yutaka Oiwa

PAKE-based mutual HTTP authentication for preventing phishing attacks

We developed a new Web authentication protocol with password-based mutual authentication which prevents various kinds of phishing attacks. This protocol provides a protection of users passwords against any phishers even if a dictionary attack is employed, and prevents phishers from imitating a false sense of successful authentication to users. The protocol is designed considering interoperability with many recent Web applications which requires many features which current HTTP authentication does not provide. The protocol is proposed as an Internet Draft submitted to IETF, and implemented in both server side (as an Apache extension) and client side (as a Mozilla-based browser and an IE-based one).

Priority Integration for Weighted Combinatorial Testing

Priorities (weights) for parameter values can improve the effectiveness of combinatorial testing. Previous approaches have employed weights to derive high-priority test cases either earlier or more frequently. Our approach integrates these order-focused and frequency-focused prioritizations. We show that our priority integration realizes a small test suite providing high-priority test cases early and frequently in a good balance. We also propose two algorithms that apply our priority integration to existing combinatorial test generation algorithms. Experimental results using numerous test models show that our approach improves the existing approaches w.r.t. Order-focused and frequency-focused metrics, while overheads in the size and generation time of test suites are small.

Combinatorial Testing for Tree-Structured Test Models with Constraints

In this paper, we develop a combinatorial testing technique for tree-structured test models. First, we generalize our previous test models for combinatorial testing based on AND-XOR trees with constraints limited to a syntactic subset of propositional logic, to allow for constraints in full propositional logic. We prove that the generalized test models are strictly more expressive than the limited ones. Then we develop an algorithm for combinatorial testing for the generalized models, and show its correctness and computational complexity. We apply a tool based on our algorithm to an actual ticket gate system that is used by several large transportation companies in Japan. Experimental results show that our technique outperforms existing techniques.

A new variant for an attack against RSA signature verification using parameter field

We present a method to create a forged signature which will be verified to a syntactically well-formed ASN.1 datum, when certificate authorities use small RSA public exponents such as 3. Our attack is related to the technique which Daniel Bleichenbacher reported recently, but our forged signature is well-formed ASN.1 datum, unlike Bleichenbachers original attack: thus our new attack is still applicable to certain implementations even if these are immune to the Bleichenbachers attack. We have also analyzed the parameters which enable our attack and Bleichenbachers, and found that both attacks are possible with the combination of existing public keys of widely-trusted certificate authorities and existing real-world implementations. We have already reported the vulnerability to developers of both GNUTLS and Mozilla NSS to fix their implementations.

Design of Prioritized N-Wise Testing

[InlineEquation not available: see fulltext.]-wise testing is a widely used technique for combinatorial interaction testing. Prioritizing testing reorders test cases by relevance, testing important aspects more thoroughly. We propose a novel technique for [InlineEquation not available: see fulltext.]-wise test case generation to satisfy the three distinct prioritization criteria of interaction coverage, weight coverage, and KL divergence. The proposed technique generates small [InlineEquation not available: see fulltext.]-wise test cases, where high-priority test cases appear early and frequently. Our early evaluation confirms that the proposed technique improves on existing techniques based on the three prioritization criteria.

Formal network packet processing with minimal fuss: invertible syntax descriptions at work

An error in an Internet protocol or its implementation is rarely benign: at best, it leads to malfunctions, at worst, to security holes. These errors are all the more likely that the official documentation for Internet protocols (the RFCs) is written in natural language. To prevent ambiguities and pave the way to formal verification of Internet protocols and their implementations, we advocate formalization of RFCs in a proof-assistant. As a first step towards this goal, we propose in this paper to use invertible syntax descriptions to formalize network packet processing. Invertible syntax descriptions consist in a library of combinators that can be used interchangeably as parsers or pretty-printers: network packet processing specified this way is not only unambiguous, it can also be turned into a trustful reference implementation, all the more trustful that there is no risk for inconsistencies between the parser and the pretty-printer. Concretely, we formalize invertible syntax descriptions in the Coq proof-assistant and extend them to deal with data-dependent constraints, an essential feature when it comes to parsing network packets. The usefulness of our formalization is demonstrated with an application to TLS, the protocol on which e-commerce relies.

Evaluation of A Resilience Embedded System Using Probabilistic Model-Checking.

If a Micro Processor Unit (MPU) receives an external electric signal as noise, the system function will freeze or malfunction easily. A new resilience strategy is implemented in order to reset the MPU automatically and stop the MPU from freezing or malfunctioning. The technique is useful for embedded systems which work in non-human environments. However, evaluating resilience strategies is difficult because their effectiveness depends on numerous, complex, interacting factors. In this paper, we use probabilistic model checking to evaluate the embedded systems installed with the above mentioned new resilience strategy. Qualitative evaluations are implemented with 6 PCTL formulas, and quantitative evaluations use two kinds of evaluation. One is system failure reduction, and the other is ADT (Average Down Time), the industry standard. Our work demonstrates the benefits brought by the resilience strategy. Experimental results indicate that our evaluation is cost-effective and reliable.

Rollback mechanism of nested virtual machines for protocol fuzz testing

Secure communications (HTTPS, SSH, etc) are important in the current Internet services. Implementations of secure protocols should be tested as exhaustively as possible. Repeated protocol fuzz testing from every reachable state is necessary and snapshot/rollback mechanism is required. Ordinary snapshot tools, however, only bring back a state of process or virtual machine (VM), and do not take care of packets on a wire. It means that they have no feature of distributed snapshot defined by Chandy-Lamport. Furthermore, secure protocols inherently depend upon a computing environment (e.g., random number) and make it difficult to repeat same testing. In order to solve these problems easily and generally, we propose a new protocol for controlling snapshot/rollback of VM, and an implementation which uses nested VMs and proxies. The internal VM of nested VM emulates whole hardware for exact repeat of protocol handling, and the external VM and proxies work for managing the state of internal VM and packets on a wire. In the current implementation internal VM is the instruction emulator QEMU and external VM is KVM which uses virtualization instructions. On a feasibility study, 4 TLS 1.2 servers (OpenSSL, GnuTLS, CyaSSL, and PolarSSL) were verified, and we found 2 bugs in CyaSSL and 1 bug in PolarSSL.