
TLS Protocol

Source publication: [RP15]

Tag: security protocol

Description

TLS, short for Transport Layer Security, is a widely used protocol that aims to provide privacy and data integrity between two or more communicating computer applications, for example in HTTPS. The authors of [RP15] analysed both server- and client-side implementations of TLS with a test harness that supports several key exchange algorithms and the option of client certificate authentication. Using LearnLib, they succeeded in learning Mealy machine models of a number of TLS implementations. They show that this approach can catch an interesting class of flaws that is apparently common in security protocol implementations: in three of the TLS implementations analysed (GnuTLS, the Java Secure Socket Extension, and OpenSSL), new security flaws were found. This shows that model learning is a useful technique to systematically analyse security protocol implementations. As the analysis of different TLS implementations resulted in a different and unique state machine for each one, the technique can also be used for fingerprinting TLS implementations.
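The fingerprinting idea can be illustrated with a small added example (not code from [RP15] or LearnLib): given two learned Mealy machines, a breadth-first search over their product finds the shortest input sequence on which they answer differently, and that sequence then serves as a probe. The two models, the state names and the input/output symbols below are constructed for illustration and do not describe any real TLS implementation.

```python
from collections import deque

# Constructed abstract input alphabet (assumption, not taken from the paper).
INPUTS = ["ClientHello", "ClientKeyExchange", "ChangeCipherSpec", "Finished", "AppData"]

def complete(partial, start="s0"):
    """Build a total Mealy machine; unlisted inputs close the connection."""
    states = set(partial) | {"closed"}
    table = {s: {i: partial.get(s, {}).get(i, ("ConnectionClosed", "closed"))
                 for i in INPUTS} for s in states}
    return {"start": start, "table": table}

# Constructed toy server model: state -> {input: (output, next_state)}.
HANDSHAKE = {
    "s0": {"ClientHello": ("ServerHelloDone", "s1")},
    "s1": {"ClientKeyExchange": ("Empty", "s2")},
    "s2": {"ChangeCipherSpec": ("Empty", "s3")},
    "s3": {"Finished": ("ChangeCipherSpec+Finished", "s4")},
    "s4": {"AppData": ("AppData", "s4")},
}
STRICT = complete(HANDSHAKE)
# Constructed variant that answers a second ClientHello instead of closing.
LENIENT = complete({**HANDSHAKE, "s1": {**HANDSHAKE["s1"],
                                        "ClientHello": ("ServerHelloDone", "s1")}})

def run(model, inputs):
    """Feed an input sequence to a model and collect its outputs."""
    state, outputs = model["start"], []
    for symbol in inputs:
        out, state = model["table"][state][symbol]
        outputs.append(out)
    return outputs

def distinguish(a, b):
    """Shortest input sequence on which a and b answer differently, else None."""
    start = (a["start"], b["start"])
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (sa, sb), path = queue.popleft()
        for symbol in INPUTS:
            out_a, next_a = a["table"][sa][symbol]
            out_b, next_b = b["table"][sb][symbol]
            if out_a != out_b:
                return path + [symbol]
            if (next_a, next_b) not in seen:
                seen.add((next_a, next_b))
                queue.append(((next_a, next_b), path + [symbol]))
    return None  # every reachable state pair agrees: the models are equivalent

def identify(models, probe, observed):
    """Names of the models whose response to the probe equals the observation."""
    return [name for name, m in models.items() if run(m, probe) == observed]
```

The same product search, run between a learned model and a reference model of the expected handshake, lists the transitions where an implementation deviates and which therefore deserve manual review.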