Errors in the state machine of a cryptographic protocol like TLS are known to cause serious security problems: Client or server authentication can be bypassed, or cryptographic keys can be derived from publicly known values. All research work to date follows the approach of finding errors in the functional state machine. The present proposal extends this approach by also investigating errors in the state machine for error handling. Such errors can be used for padding Oracle attacks or for Bleichenbacher attacks.The investigation methodology consists in extending the alphabet of the library LearnLib by elements corresponding to specific malformed messages in TLS. These elements are converted into the corresponding TLS messages using a mapper to be implemented. Our library TLSAttacker serves as a basis for the implementation of this mapper.

DFG Programme Research Grants