pr\u00e9sentent<\/p>\n\n\n\n
Autoris\u00e9 \u00e0 pr\u00e9senter ses travaux en vue de l\u2019obtention du Doctorat de l’Institut Polytechnique de Paris, pr\u00e9par\u00e9 \u00e0 T\u00e9l\u00e9com SudParis en :<\/p>\n\n\n\n
le JEUDI 8 JUIN 2023 \u00e0 14h00<\/p>\n\n\n\n
Salle 3A213
19 Pl. Marguerite Perey, 91120 Palaiseau<\/p>\n\n\n\n
Membres du jury :<\/strong><\/p>\n\n\n\n M. Herv\u00e9 DEBAR<\/strong>, Professeur, T\u00e9l\u00e9com SudParis, FRANCE – Directeur de th\u00e8se TLS et SSH sont deux protocoles de s\u00e9curit\u00e9 tr\u00e8s r\u00e9pandu et \u00e9tudi\u00e9s par la communaut\u00e9 de la recherche. Dans cette th\u00e8se, nous nous concentrons sur une classe sp\u00e9cifique de vuln\u00e9rabilit\u00e9s affectant les impl\u00e9mentations TLS et SSH, tels que les probl\u00e8mes de machine \u00e0 \u00e9tats. Ces vuln\u00e9rabilit\u00e9s sont dues par des diff\u00e9rences d’interpr\u00e9tation de la norme et correspondent \u00e0 des \u00e9carts par rapport aux sp\u00e9cifications, par exemple l’acceptation de messages non valides ou l’acceptation de messages valides hors s\u00e9quence. Nous d\u00e9veloppons une m\u00e9thodologie g\u00e9n\u00e9ralis\u00e9e et syst\u00e9matique pour d\u00e9duire les machines d’\u00e9tat des protocoles tels que TLS et SSH \u00e0 partir de stimuli et d’observations, et pour \u00e9tudier leur \u00e9volution au fil des r\u00e9visions. Nous utilisons l’algorithme L* pour calculer les machines d’\u00e9tat correspondant \u00e0 diff\u00e9rents sc\u00e9narios d’ex\u00e9cution. Nous reproduisons plusieurs vuln\u00e9rabilit\u00e9s connues (d\u00e9ni de service, contournement d’authentification) et en d\u00e9couvrons de nouvelles. Nous montrons \u00e9galement que l’inf\u00e9rence des machines \u00e0 \u00e9tats est suffisamment efficace et pratique dans de nombreux cas pour \u00eatre int\u00e9gr\u00e9e dans un pipeline d’int\u00e9gration continue, afin d’aider \u00e0 trouver de nouvelles vuln\u00e9rabilit\u00e9s ou d\u00e9viations introduites au cours du d\u00e9veloppement. Gr\u00e2ce \u00e0 notre approche syst\u00e9matique en bo\u00eete noire, nous \u00e9tudions plus de 600 versions diff\u00e9rentes d’impl\u00e9mentations de serveurs et de clients dans divers sc\u00e9narios (versions de protocoles, options). En utilisant les machines d’\u00e9tat r\u00e9sultantes, nous proposons un algorithme robuste pour identifier les piles TLS et SSH. Il s’agit de la premi\u00e8re application de cette approche sur un p\u00e9rim\u00e8tre aussi large, en termes de nombre de piles TLS et SSH, de r\u00e9visions ou de sc\u00e9narios \u00e9tudi\u00e9s.<\/p>\n\n\n\n TLS and SSH are two well-known and thoroughly studied security protocols. In this thesis, we focus on a specific class of vulnerabilities affecting both protocols implementations, state machine errors. These vulnerabilities are caused by differences in interpreting the standard and correspond to deviations from the specifications, e.g. accepting invalid messages, or accepting valid messages out of sequence. We develop a generalized and systematic methodology to infer the protocol state machines such as the major TLS and SSH stacks from stimuli and observations, and to study their evolution across revisions. We use the L* algorithm to compute state machines corresponding to different execution scenarios. We reproduce several known vulnerabilities (denial of service, authentication bypasses), and uncover new ones. We also show that state machine inference is efficient and practical enough in many cases for integration within a continuous integration pipeline, to help find new vulnerabilities or deviations introduced during development. With our systematic black-box approach, we study over 600 different versions of server and client implementations in various scenarios (protocol versions, options). Using the resulting state machines, we propose a robust algorithm to fingerprint TLS and SSH stacks. To the best of our knowledge, this is the first application of this approach on such a broad perimeter, in terms of number of TLS and SSH stacks, revisions, or execution scenarios studied.<\/p>\n","protected":false},"excerpt":{"rendered":" L’Ecole doctorale : Ecole Doctorale de l’Institut Polytechnique de Pariset le Laboratoire de recherche SAMOVAR pr\u00e9sentent l\u2019AVIS DE SOUTENANCE de Monsieur Aina Toky RASOAMANANA Autoris\u00e9 \u00e0 pr\u00e9senter ses travaux en vue de l\u2019obtention du Doctorat de l’Institut Polytechnique de Paris, pr\u00e9par\u00e9 \u00e0 T\u00e9l\u00e9com SudParis en : Informatique \u00ab D\u00e9rivation et analyse des impl\u00e9mentations des protocoles […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"0","ocean_second_sidebar":"0","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"0","ocean_custom_header_template":"0","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"0","ocean_menu_typo_font_family":"0","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"0","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"off","ocean_gallery_id":[],"footnotes":""},"categories":[286,603],"tags":[],"class_list":["post-6024","post","type-post","status-publish","format-standard","hentry","category-fractualites-ennews-fr","category-seminaire-scn","entry"],"_links":{"self":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/comments?post=6024"}],"version-history":[{"count":1,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6024\/revisions"}],"predecessor-version":[{"id":6025,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/posts\/6024\/revisions\/6025"}],"wp:attachment":[{"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/media?parent=6024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/categories?post=6024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/samovar.telecom-sudparis.eu\/index.php\/wp-json\/wp\/v2\/tags?post=6024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
M. Karthikeyan BHARGAVAN<\/strong>, Directeur de recherche, INRIA Paris, FRANCE – Rapporteur
Mme Barbara FILA<\/strong>, Ma\u00eetresse de conf\u00e9rences, INSA Rennes, FRANCE – Rapporteure
Mme Marine MINIER<\/strong>, Professeure des universit\u00e9s, Universit\u00e9 de Lorraine, FRANCE – Examinatrice
M. Aur\u00e9lien FRANCILLON<\/strong>, Professeur, EURECOM, FRANCE – Examinateur
M. Fontaine ARNAUD<\/strong>, Responsable d’un laboratoire de l’ANSSI, Agence Nationale de la S\u00e9curit\u00e9 des Syst\u00e8mes d’Information (ANSSI), FRANCE – Examinateur
M. Olivier LEVILLAIN<\/strong>, Ma\u00eetre de conf\u00e9rences, T\u00e9l\u00e9com SudParis, FRANCE – Co-encadrant de th\u00e8se
R\u00e9sum\u00e9 :<\/strong><\/p>\n\n\n\n
Abstract : \u00ab\u00a0Derivation and Analysis of Cryptographic Protocol Implementation\u00a0\u00bb<\/strong><\/p>\n\n\n\n