A. Sabiguero, M. E. Corti, and C. Viho, "The new Internet Protocol security IPSec testing with TTCN-3," ETSI TTCN-3 User Conference 2007: Stockholm (Sweden), May 29-June 1, 2007.
Added by: Deleted user (01 Aug 2008 14:05:52 Europe/Berlin) Last edited by: Deleted user (20 Aug 2008 11:50:29 Europe/Berlin)
|Resource type: Conference Paper
BibTeX citation key: Sabiguero
View all bibliographic details
Creators: Corti, Sabiguero, Viho
Publisher: Ericsson, ETSI (Stockholm (Sweden))
Collection: ETSI TTCN-3 User Conference 2007
Views index: %
Popularity index: 9.75%
The Internet Protocol version 6 (IPv6) is the new version of current Internet Protocol (IPv4). The most popular enhancement of IPv6 is the growth of the IP address space, but several other changes are introduced. One important improvement is that the security aspects are included in the specification. In IPv6 confidentiality and authentication of packets are mandatory. Thus testing IPv6 must include the testing of the new Internet Protocol security features. This is already the case in the world wide IPv6 Ready Logo certification program that provides test suites for IPsec (Internet Protocol Security). IPSec is a set of protocols that provides cryptographically based security at the IP layer, protecting the network and upper layers. The services offered by IPSec includes: confidentiality, connectionless integrity and data origin authentication.
TTCN-3 language was designed to specify and implement any kind of testing activity in an abstract and efficient way. It has been successfully applied for the new Internet Protocol testing. Moreover, in the recent years, different research groups have released public TTCN-3 libraries that ease IPv6 test case development.
The objective of this work is to present the use of TTCN-3 language and tools to test IPv6-IPSec, specifically conformance. The test cases themselves exchange only few messages between the tester and the Implementation Under Test (IUT), and could be considered quite simple to implement but they hold the inherent complexity of the encryption, decryption and authentication/integrity algorithms, among others. IPSec specification (by means of an RFC - Request for Comments) indicates which authentication/integrity and encryption algorithms are used. The RFC does not specify the algorithms themselves, but describes how to use existing ones. Thus, in the test specification, this algorithms are not implemented in TTCN-3.
Already existing libraries that implement the required algorithms are used.
This work compares different methodological approaches to reuse existing functions and distribute complexity of the task across TTCN-3 standard interfaces. One possibility is to model the encryption stage as an operation performed and specified in the TTCN-3 Abstract Test Specification (ATS) of the test case. Other possibility is to consider the encryption as a transmission problem. Consequently, making the TTCN-3 ATS unaware of the encryption/decryption task. Different decisions lead to different tester configuration and Executable Test Suites (ETS) for the same test requirement. We explore how these ATS design decisions impact the ETS, simplifying or hardening the test development. Pros and cons are discussed.
This work shall help the reader to understand deeply the different interfaces present in TTCN-3 and how to use them effectively to address particular problems. Different decisions lead to different capabilities and expressiveness of the TTCN-3 ATS. Practical results are presented.
Added by: Deleted user