Return to search

Shepherding Network Security Protocols as They Transition to New Atmospheres: A New Paradigm in Network Protocol Analysis

The solutions presented in this dissertation describe a new paradigm in which we shepherd these network security protocols through atmosphere transitions, offering new ways to analyze and monitor the state of the protocol. The approach involves identifying a protocols transitional weaknesses through adaption of formal models, measuring the weakness as it exists in the wild by statically analyzing applications, and show how to use network traffic analysis to monitor protocol implementations going into the future. Throughout the effort, we follow the popular Open Authorization protocol in its attempts to apply its web-based roots to a mobile atmosphere. To pinpoint protocol deficiencies, we first adapt a well regarded formal analysis and show it insufficient in the characterization of mobile applications, tying its transitional weaknesses to implementation issues and delivering a reanalysis of the proof. We then measure the prevalence of this weakness by statically analyzing over 11,000 Android applications. While looking through source code, we develop new methods to find sensitive protocol information, overcome hurdles like obfuscation, and provide interfaces for later modeling, all while achieving a false positive rate of below 10 percent. We then use network analysis to detect and verify application implementations. By collecting network traffic from Android applications that use OAuth, we produce a set of metrics that when fed into machine learning classifiers, can identify if the OAuth implementation is correct. The challenges include encrypted network communication, heterogeneous device types, and the labeling of training data.

Identiferoai:union.ndltd.org:unt.edu/info:ark/67531/metadc1609134
Date12 1900
CreatorsTalkington, Gregory Joshua
ContributorsDantu, Ram, Morozov, Kirill, Thompson, Mark, Blanco, Eduardo, Vexler, Manuel
PublisherUniversity of North Texas
Source SetsUniversity of North Texas
LanguageEnglish
Detected LanguageEnglish
TypeThesis or Dissertation
Formatviii, 111 pages, Text
RightsPublic, Talkington, Gregory Joshua, Copyright, Copyright is held by the author, unless otherwise noted. All rights Reserved.

Page generated in 0.0019 seconds