![The members of the System Security Group from left to right: Jost Rossel, Juraj Somorovsky, Sven Hebrok, Hendrik Siewert, Niklas Niere. [Photo: 2023-03-02]](/fileadmin-eim/_processed_/5/1/csm_team_dd35a1f724.jpg "The members of the System Security Group")
Extending TLS-Attacker with new features and attacks
TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.
In cooperation with the Ruhr University Bochum, we are constantly extending this library and provide new TLS evaluation features or implement new attacks. Once these features are added, their prevalence is evaluated in the TLS ecosystem using our TLS-Scanner.
These are just a few examples of topics we are currently offering:
- OCSP Scaning
- SSL labs scoring system integration
- Evaluation of TLS server configuration compatibility to different standards (e.g., FIPS or BSI TR-02102-2)
References:
- https://github.com/RUB-NDS/TLS-Attacker
- https://github.com/RUB-NDS/TLS-scanner
- https://www.ssllabs.com/ssltest/
- https://www.bsi.bund.de/DE/Publikationen/TechnischeRichtlinien/tr02102/index_htm.html
Requirements:
- Good Java programming skills
- Knowledge of TLS
- Interest in the development of new attacks