Inferring OpenVPN State Machines Using Protocol State Fuzzing

Lesly-Ann Daniel, Erik Poll, Joeri de Ruiter
2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
The reliability of a security protocol is of the utmost importance but can easily be compromised by a vulnerability in the implementation. A crucial aspect of an implementation is the protocol's state machine. The state machine of an implementation can be inferred by black box testing using regular inference. These inferred state machines provide a good insight into implementations and can be used to detect any spurious behavior. We apply this technique to different implementations of OpenVPN: the standard OpenVPN and the OpenVPN-NL implementations. Although OpenVPN is a widely used TLS-based VPN solution, there is no official specification of the protocol, which makes it a particularly interesting target to analyze. We infer state machines of the server-side implementation and focus on particular phases of the protocol. Finally we analyze those state machines, show that they can reveal a lot of information about the implementation which is missing from the documentation, and discuss the possibility to include state machines in a formal specification.
doi:10.1109/eurospw.2018.00009 dblp:conf/eurosp/DanielPR18 fatcat:rkijsstqzrcxzcmm53rteklowe