Abstract
Network protocol implementations ("stacks") are pervasive in our modern systems. Indeed, we rely on various protocols on a daily basis, the most prominent of them being TLS. One of the problems with network stacks is that they can exhibit wrong transitions in their state machines, which can lead to security issues. In a previous article [0], our team studied the state machines of various TLS stacks, which allowed us to replay known security bugs and to uncover new vulnerabilities. Overall, our findings can be categorized as follows:
- authentication bypasses using shortcuts (by skipping one or several messages, it can be possible to reach authenticated states without having to present credentials);
- denial of service (in some cases, we found states where a stack would indefinitely accept an insignificant message, allowing an attacker to keep a connection open before authentication);
- fingerprinting (it is not a vulnerability per se, but we showed that TLS stacks could be distinguished by their behavior).
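To illustrate the first two categories, here is an added example (not code from the article [0] or from the authors' tools) that checks a small state machine model for credential-free paths to an authenticated state and for self-loops reachable before authentication. The model, its message names and the function names are constructed for illustration and do not describe any real stack.

```python
from collections import deque

# Constructed toy model (hypothetical, not inferred from any real stack):
# state -> {input message: (observed output, next state)}.
# An input missing from a state means the stack closes the connection.
MODEL = {
    "start": {"HELLO": ("HELLO_ACK", "negotiated"), "NOOP": ("-", "start")},
    "negotiated": {
        "CREDENTIALS": ("AUTH_OK", "authed"),
        "APP_DATA": ("DATA_ACK", "authed"),  # flawed transition: skips CREDENTIALS
        "NOOP": ("-", "negotiated"),
    },
    "authed": {"APP_DATA": ("DATA_ACK", "authed")},
}

def auth_shortcuts(model, start, authed, credential_inputs):
    """Input sequences that reach an authenticated state without credentials."""
    found, seen, queue = [], {start}, deque([(start, [])])
    while queue:
        state, path = queue.popleft()
        for msg, (_out, nxt) in model.get(state, {}).items():
            if msg in credential_inputs:
                continue  # only follow transitions that present no credentials
            if nxt in authed:
                found.append(path + [msg])
            elif nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [msg]))
    return found

def preauth_loops(model, start, authed):
    """(state, input) self-loops reachable before any authenticated state."""
    loops, seen, queue = [], {start}, deque([start])
    while queue:
        state = queue.popleft()
        for msg, (_out, nxt) in model.get(state, {}).items():
            if nxt == state:
                loops.append((state, msg))  # message accepted indefinitely here
            elif nxt not in authed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return loops

if __name__ == "__main__":
    print("shortcuts:", auth_shortcuts(MODEL, "start", {"authed"}, {"CREDENTIALS"}))
    print("pre-auth loops:", preauth_loops(MODEL, "start", {"authed"}))
```

Run against a model inferred from an implementation under test, a non-empty result from either function marks a transition to review against the protocol specification.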
Since 2022, we have been working on other protocols (OPC-UA, SSH), and on the improvement of our tools. In this presentation, we propose the following agenda:
- context presentation
- methodology description
- focus on the SSH protocol
- examples of existing vulnerabilities
- detailed description of new issues in wolfssh
[0] Aina Toky Rasoamanana, Olivier Levillain and Hervé Debar. Towards a Systematic and Automatic Use of State Machine Inference to Uncover Security Flaws and Fingerprint TLS Stacks. In ESORICS 2022. [https://paperstreet.picty.org/yeye/2022/conf-esorics-RasoamananaLD22/]
Bio
Olivier Levillain is an associate professor in cybersecurity at Télécom SudParis. Before that, he was in charge of the cybersecurity training center at ANSSI (the French cybersecurity agency). He also used to work in ANSSI laboratories on various subjects, ranging from attacks on low-level hardware mechanisms to public key infrastructures. More recently, he has been working on secure network protocols (and particularly on SSL/TLS and SSH) and on software vulnerability reproduction.