Combinatorial testing of TLS libraries at all levels (KoTeBi)
Duration: 07.2022 to 06.2025
Total funding volume: 1.733 million euros
University funding volume: 637,907 euros
Funded by: Federal Ministry of Education and Research (BMBF)
TLS (Transport Layer Security) is the most important security standard used in practice: it ensures the authenticity, integrity and confidentiality of private and business communications, guarantees data protection and secures complex IT systems. Although the theoretical security of TLS has been well researched and understood, implementation errors repeatedly lead to serious vulnerabilities that can be exploited for attacks (Heartbleed, POODLE, ROBOT, DROWN, Raccoon, ...). The first implementation errors could still be found easily by hand, but more recent attacks exploit a complex interplay of several TLS versions and numerous TLS features.
To ensure the security of such complex cryptographic implementations, it is essential to develop methods for automated testing of all possible combinations of these features at all levels. The aim of the proposed project is to develop such automated test methods and to implement them practically in a test suite. Developers, integrators, operators, testing institutes and supervisory authorities can then use our test suite to test TLS implementations with regard to security and interoperability. The open-source framework TLS-Attacker, which was jointly developed by Paderborn University and Ruhr University Bochum, is used as the basis for the test suite.
Requirements are contributed by the company partners, who provide critical support during development. Integration into a software testing framework is planned so that our test suite can be used for compliance and security tests of existing implementations as well as to accompany the development of new implementations.
Project partners: Hackmanit GmbH, InnoZent OWL e.V., Ruhr University Bochum