CN104391788A - State-model-based secure communication protocol testing method and system - Google Patents
State-model-based secure communication protocol testing method and system Download PDFInfo
- Publication number
- CN104391788A CN104391788A CN201410643909.9A CN201410643909A CN104391788A CN 104391788 A CN104391788 A CN 104391788A CN 201410643909 A CN201410643909 A CN 201410643909A CN 104391788 A CN104391788 A CN 104391788A
- Authority
- CN
- China
- Prior art keywords
- secure communication
- communication protocols
- state model
- state
- testing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Maintenance And Management Of Digital Transmission (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention relates to a state model testing method and a state model testing system for a secure communication protocol. The method comprises the following steps of 1, packaging the secure communication protocol, and implementing a protocol specification described by the secure communication protocol; 2, mapping the secure communication protocol into a plurality of state models; 3, designing corresponding testing software according to the state models; 4, introducing an insecure state and an illegal state to the state models by virtue of the testing software respectively, judging whether the secure communication protocol enters the corresponding state models or not, determining that the secure communication protocol is secure if the secure communication protocol enters the corresponding state models, otherwise determining that the secure communication protocol is insecure. According to the method, whether the secure communication protocol is secure or not is judged by mapping the protocol into the state models and introducing the illegal state to the state models, so that the secure communication protocol is efficiently tested with low cost.
Description
Technical field
The present invention relates to train safe field tests, especially relate to a kind of secure communication protocols method of testing based on state model and system.
Background technology
Penetrate into today of daily life every aspect in Internet technology, communication safety of computer system technology is in the urgent need to strengthening.In railway signal communication system, carry out security related information by closed transmission system between safety equipment mutual, to secure device communication based on agreement to carry out safety test be a railway information safety technique important topic urgently to be resolved hurrily.Meanwhile, the test and validation that sexual needs of interconnecting between different railway equipment research and development producer are a large amount of, regression tests a large amount of in product up-gradation, software upgrade process is in the urgent need to the portable secure communication protocols method of testing good with extensibility.Usual protocol security testing method comprises: formalization test, white-box testing and Black-box Testing etc.General different forms fractional analysis method UML is tested in formalization and coloring petri net is verified protocol function and performance, based on CPN, SPN, the reliability of ETCS radio communication, transmission delay are analyzed, train-ground communication protocol finite state machine model is set up based on TTCN-3, generate cycle tests, carry out testing protocol consistency, set up testing and assessment platform, carry out Formal Modeling and analysis.White-box testing needs the source code of agreement to be measured, and Black-box Testing is based on the external description of agreement, i.e. protocol specification.
Formalization test and white-box testing need the source code of agreement to be measured, and therefore its scene applicatory is very limited.Black-box Testing is based on the external description of agreement, and its realization does not need computer program source code, and test result can be applied to all of protocol specification and realize situation, but also there are the following problems: it is high that (1) realizes cost; (2) execution efficiency is low, very consuming time in implementation; (3) secure communication protocols needs to develop an a set of proving installation, is unfavorable for portable and the extensibility of proving installation.
Summary of the invention
The invention provides a kind of secure communication protocols method of testing based on state model and system, by agreement is mapped as state model, and introduce illegal state to state model, judge this secure communication protocols whether safety, thus low cost, achieve the test of secure communication protocols efficiently.
According to above-mentioned purpose, the invention provides a kind of secure communication protocols method of testing based on state model, it is characterized in that, described method comprises:
S1, encapsulates described secure communication protocols, realizes the protocol specification described by described secure communication protocols;
S2, is mapped as multiple state model by the secure communication protocols after described encapsulation;
S3, the testing software corresponding according to described state model design;
S4, introduces non-secure states and illegal state by described testing software respectively to described state model, judges whether described secure communication protocols enters corresponding state model, if so, then judges described secure communication protocols safety, otherwise dangerous.
Wherein, the injecting by injecting the mode of fault of described illegal state.
Wherein, described illegal state is the safety failure corresponding with the secure communication protocols realized.
According to another aspect of the present invention, provide a kind of secure communication protocols test macro based on state model, it is characterized in that, described system comprises:
Encapsulation unit, for encapsulating described secure communication protocols, realizes the protocol specification described by described secure communication protocols;
Map unit, for being mapped as multiple state model by described secure communication protocols;
Testing software design cell, for the testing software corresponding according to described state model design;
Analysis unit, for introducing non-secure states and illegal state by described testing software respectively to described state model, judge whether described secure communication protocols enters corresponding state model, if, then judge described secure communication protocols safety, otherwise dangerous.
Secure communication protocols method of testing based on state model of the present invention and system, by by secure communication protocols realize based on protocol specification be mapped as state model, and introduce the illegal state corresponding with the safety failure described in protocol realization to state model, as time delay, out of order, frame losing, wrong frame, network interruption etc., observe whether the state model introducing communication protocol guiding after illegal state is the safe condition expected, thus low cost and realize the confirmatory test of secure communication protocols efficiently.
Accompanying drawing explanation
Can understanding the features and advantages of the present invention clearly by reference to accompanying drawing, accompanying drawing is schematic and should not be construed as and carry out any restriction to the present invention, in the accompanying drawings:
Fig. 1 shows the process flow diagram of the secure communication protocols method of testing based on state model of the present invention.
Fig. 2 shows the structured flowchart of the secure communication protocols test macro based on state model of the present invention.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the present invention is described in detail.
Fig. 1 shows the process flow diagram of the secure communication protocols method of testing based on state model of the present invention.
With reference to Fig. 1, the secure communication protocols method of testing based on state model of embodiments of the invention comprises step:
S1, encapsulates described secure communication protocols, realizes the protocol specification described by described secure communication protocols;
S2, is mapped as multiple state model by the secure communication protocols after encapsulation;
S3, the testing software corresponding according to described state model design;
S4, introduces non-secure states and illegal state by described testing software respectively to described state model, judges whether described secure communication protocols enters corresponding state model, if so, then judges described secure communication protocols safety, otherwise dangerous.
In the present embodiment, the injection of illegal state is introduced by the mode injecting fault, and this illegal state is the safety failure corresponding with the secure communication protocols realized.
Below for FSFB/2 agreement, specifically describe the method for testing of secure communication protocols FSFB/2 agreement, the process of the method is specific as follows:
1) encapsulate FSFB/2 agreement, realize the protocol specification that FSFB/2 agreement describes;
2) mapping FSFB/2 agreement is SSE sequence calibration request, state model such as the calibration of SSR sequence response, BTD, EBT, ABT acknowledgement frame etc.;
3) according to above-mentioned state model, the testing software that design is corresponding, and provide friendly interface environment, based on MFC framework, realizes step 2) described in state model;
4) non-secure states is introduced by testing software to state model, realize step 2) described in the State Transferring of state model, judge whether FSFB/2 agreement enters corresponding state model, if, then judge described secure communication protocols safety, otherwise dangerous.
5) illegal state corresponding with FSFB/2 protocol realization and safety failure is introduced to state model to inject failure mode, the states such as such as time delay, out of order, frame losing, wrong frame, network interruption, judge whether FSFB/2 agreement enters corresponding state model, if, then judge described secure communication protocols safety, otherwise dangerous.
In the present embodiment, FSFB/2 agreement is the secure communication protocols in open communication system.FSFB/2 agreement ensures that between TCC equipment and LEU equipment, data carry out safe transmission, when communication port is in unsafe condition, can inform safety equipment so that carry out security protection process.
During TCC and LEU communicates, there are two kinds of different transmission modes, be respectively TSD and BTM, content, flow process and reception, transmit leg that two kinds of modes are transmitted are not identical.
TSD pattern is the general modfel of TCC to LEU transponder beacon message, this pattern is initiated by LEU (data receiver), SSE (sequence calibration request) is sent to TCC (data receiver), TCC will respond SSR (sequence calibration response) to complete handshake procedure, after handshake procedure completes, if do not go out active to exceed the situation such as the frame number of allowable value, three timestamp comparation mistakes, time-out, TCC by continue to LEU transponder beacon message.
When BTM pattern is TCC inquiry LEU state, the communication pattern that both sides adopt, this pattern is initiated by TCC, sends SBT (buffer memory transmission starts), through a series of comparatively complicated reciprocal process, complete the inquiry of LEU state to LEU.In the process, TCC is take over party's (command transfer stage) and transmit leg (other two stages) simultaneously, otherwise LEU then.This pattern is clocked flip, completes once every the specific time (15s or 30s).
The above-mentioned protocol mode of comprehensive analysis, is mapped as ABT, BTD, EBT, SSE, SSR five kinds of state models by FSFB/2 agreement.
In another aspect of the present invention, provide a kind of secure communication protocols test macro based on state model.
Fig. 2 shows the structured flowchart of the secure communication protocols test macro based on state model of the present invention.
With reference to Fig. 2, this system comprises:
Encapsulation unit 10, for encapsulating described secure communication protocols, realizes the protocol specification described by described secure communication protocols;
Map unit 20, for being mapped as multiple state model by described secure communication protocols;
Testing software design cell 30, for the testing software corresponding according to described state model design;
Analysis unit 40, for introducing non-secure states and illegal state by described testing software respectively to described state model, judge whether described secure communication protocols enters corresponding state model, if, then judge described secure communication protocols safety, otherwise dangerous.
Secure communication protocols method of testing based on state model of the present invention and system, by by secure communication protocols realize based on protocol specification be mapped as state model, and introduce the illegal state corresponding with the safety failure described in protocol realization to state model, as time delay, out of order, frame losing, wrong frame, network interruption etc., observe whether the state model introducing communication protocol guiding after illegal state is the safe condition expected, thus low cost and realize the confirmatory test of secure communication protocols efficiently.
Although describe embodiments of the present invention by reference to the accompanying drawings, but those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, such amendment and modification all fall into by within claims limited range.
Claims (4)
1. based on a secure communication protocols method of testing for state model, it is characterized in that, described method comprises:
S1, encapsulation secure communication protocols, realizes the protocol specification described by described secure communication protocols;
S2, is mapped as multiple state model by the secure communication protocols after encapsulation;
S3, the testing software corresponding according to described state model design;
S4, introduces non-secure states and illegal state by described testing software respectively to described state model, judges whether described secure communication protocols enters corresponding state model, if so, then judges described secure communication protocols safety, otherwise dangerous.
2. the secure communication protocols method of testing based on state model according to claim 1, is characterized in that, the injection of described illegal state is introduced by the mode injecting fault.
3. the secure communication protocols method of testing based on state model according to claim 2, is characterized in that, described illegal state is the safety failure corresponding with the secure communication protocols realized.
4. based on a secure communication protocols test macro for state model, it is characterized in that, described system comprises:
Encapsulation unit, for encapsulating described secure communication protocols, realizes the protocol specification described by described secure communication protocols;
Map unit, for being mapped as multiple state model by described secure communication protocols;
Testing software design cell, for the testing software corresponding according to described state model design;
Analysis unit, for introducing non-secure states and illegal state by described testing software respectively to described state model, judge whether described secure communication protocols enters corresponding state model, if, then judge described secure communication protocols safety, otherwise dangerous.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410643909.9A CN104391788A (en) | 2014-11-07 | 2014-11-07 | State-model-based secure communication protocol testing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410643909.9A CN104391788A (en) | 2014-11-07 | 2014-11-07 | State-model-based secure communication protocol testing method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104391788A true CN104391788A (en) | 2015-03-04 |
Family
ID=52609696
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410643909.9A Pending CN104391788A (en) | 2014-11-07 | 2014-11-07 | State-model-based secure communication protocol testing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104391788A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109104337A (en) * | 2018-11-01 | 2018-12-28 | 郑州云海信息技术有限公司 | A kind of method, device and equipment of test network access control tool |
| TWI687828B (en) * | 2019-05-02 | 2020-03-11 | 國立交通大學 | Automatic protocol test method by reverse engineering from packet traces to extended finite state machine |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1812347A (en) * | 2005-01-24 | 2006-08-02 | 华为技术有限公司 | Protocol validity verifying and testing method based on mode conversion |
| CN102624574A (en) * | 2011-01-27 | 2012-08-01 | 西门子公司 | Security testing method and device for protocol implementation |
| DE102012216841A1 (en) * | 2011-09-29 | 2013-04-04 | Siemens Aktiengesellschaft | Method for performing security tests relative to protocol implementations for e.g. connecting distributedly arranged computers in communication industry, involves performing fuzz testing relative protocol implementation using applications |
| CN103391224A (en) * | 2013-07-22 | 2013-11-13 | 清华大学 | Protocol layering test generation method based on parallel expansion finite-state machine |
-
2014
- 2014-11-07 CN CN201410643909.9A patent/CN104391788A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1812347A (en) * | 2005-01-24 | 2006-08-02 | 华为技术有限公司 | Protocol validity verifying and testing method based on mode conversion |
| CN102624574A (en) * | 2011-01-27 | 2012-08-01 | 西门子公司 | Security testing method and device for protocol implementation |
| DE102012216841A1 (en) * | 2011-09-29 | 2013-04-04 | Siemens Aktiengesellschaft | Method for performing security tests relative to protocol implementations for e.g. connecting distributedly arranged computers in communication industry, involves performing fuzz testing relative protocol implementation using applications |
| CN103391224A (en) * | 2013-07-22 | 2013-11-13 | 清华大学 | Protocol layering test generation method based on parallel expansion finite-state machine |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109104337A (en) * | 2018-11-01 | 2018-12-28 | 郑州云海信息技术有限公司 | A kind of method, device and equipment of test network access control tool |
| CN109104337B (en) * | 2018-11-01 | 2022-02-18 | 郑州云海信息技术有限公司 | Method, device and equipment for testing network access control tool |
| TWI687828B (en) * | 2019-05-02 | 2020-03-11 | 國立交通大學 | Automatic protocol test method by reverse engineering from packet traces to extended finite state machine |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI727988B (en) | System and method for establishing a trusted diagnosis/debugging agent over a closed commodity device | |
| US9135130B2 (en) | Debugging method, chip, board, and system | |
| CN102594914B (en) | Remote debugging method based on cloud platform | |
| CN103036739B (en) | Formalization method for verification and performance analysis of high reliable communication system | |
| CN103269291B (en) | Android platform utilize point-to-point radio-frequency apparatus carry out the method for ADB debugging | |
| CN110232012A (en) | A kind of fuzz testing language protocol test script and testing engine based on xml | |
| CN103023708A (en) | Method and system for testing communication protocol interface | |
| CN104486169A (en) | Reusable automatic detection and random verification system and method | |
| CN103684792B (en) | A kind of safety certifying method and OAM message transmitting/receiving means of OAM | |
| CN103019938B (en) | A kind of method and device in the application of local test cloud platform | |
| Chen et al. | Performance analysis and verification of safety communication protocol in train control system | |
| CN104391788A (en) | State-model-based secure communication protocol testing method and system | |
| CN102624587B (en) | System and method capable of achieving defect detection for IEC60870-5-101/104 communication protocol | |
| CN102609353A (en) | Method, device and system for managing program debugging | |
| Park et al. | L2Fuzz: Discovering Bluetooth L2CAP vulnerabilities using stateful fuzz testing | |
| CN103259697B (en) | Android platform utilize UWB equipment carry out the method for ADB debugging | |
| CN110572296B (en) | Internet of things terminal equipment communication protocol consistency safety detection method | |
| KR102553472B1 (en) | Method for testing AT based on AUTOSAR standard | |
| CN103391223B (en) | A kind of IEC101 protocol massages fast automatic detecting method | |
| CN103269293B (en) | Android platform utilize microwave telecommunication devices carry out the method for debugging acid ADB debugging | |
| CN103152216A (en) | System test method and device in internet | |
| CN104991848A (en) | Method and system for implementing Key code burning on basis of MSComm control | |
| Kuhn | Simulator coupling for network fault injection testing | |
| Lee et al. | Collecting big data from automotive ECUs beyond the CAN bandwidth for fault visualization | |
| CN103269292B (en) | Short distance microwave telecommunication devices are utilized to carry out the method for debugging acid ADB debugging |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3 Applicant after: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd. Address before: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3 Applicant before: Beijing Traffic Control Technology Co., Ltd. |
|
| COR | Change of bibliographic data | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 100070 Beijing science and Technology Park of Fengtai District Seahawks Hospital No. 6 2, No. 3 (Park) Applicant after: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd. Address before: 100070 Beijing science and Technology Park of Fengtai District Haiying Road No. 6 hospital of Beijing, the headquarters of the International 2 Building No. 3 Applicant before: TRAFFIC CONTROL TECHNOLOGY Co.,Ltd. |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150304 |