Achtung:

Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Studierende in den Seminarräumen des O-Gebäudes, Foto: Universität Paderborn, Fotografin: Judith Kraft Bildinformationen anzeigen

Studierende in den Seminarräumen des O-Gebäudes, Foto: Universität Paderborn, Fotografin: Judith Kraft

Extending TLS-Attacker with new features and attacks

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.

In cooperation with the Ruhr University Bochum, we are constantly extending this library and provide new TLS evaluation features or implement new attacks. Once these features are added, their prevalence is evaluated in the TLS ecosystem using our TLS-Scanner.

These are just a few examples of topics we are currently offering:

  • OCSP Scaning
  • SSL labs scoring system integration
  • Evaluation of TLS server configuration compatibility to different standards (e.g., FIPS or BSI TR-02102-2)

References:


Requirements:

  • Good Java programming skills
  • Knowledge of TLS
  • Interest in the development of new attacks

Die Universität der Informationsgesellschaft