State Machine Learning for TLS
Final Report Abstract
The Transport Layer Security (TLS) protocol is the most widely used encryption protocol on the Internet, securing data transmission for a wide range of applications. Because it protects so many security-critical applications, the security of the protocol is of the highest importance, and because the protocol is complex, implementations may contain vulnerabilities. One method to identify such vulnerabilities is protocol state learning: the implementation is treated as a black box, its state machine is inferred from its responses to sequences of protocol messages, and the resulting model is analyzed. The state machine describes the response behavior of the implementation, so deviations from the protocol specification become visible as unexpected states or transitions. In this project, we developed a tool called TLS-StateVulnFinder, which learns the state machine of both TLS client and server implementations and analyzes it automatically. Our primary focus was to identify cryptographic vulnerabilities (e.g., Bleichenbacher and padding oracle attacks) as well as logical flaws. We then used the tool to analyze common open-source TLS implementations and, where possible, evaluated both the server and client implementations. No critical vulnerabilities were identified. Additionally, we developed a prototype of a continuous integration approach that periodically monitors new versions of TLS implementations; it automatically performs compilation, state machine extraction, and analysis to continually assess the security of the implementations.
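As an added illustration of the approach (this is example code, not code from the project or from TLS-StateVulnFinder), the following Python module learns the state machine of a toy TLS-like server from black-box output queries and then runs two automatic checks over the learned model. ToyTlsServer is a constructed model of an RSA handshake with two optional, constructed defects: a logical flaw that accepts ApplicationData before the client's Finished message, and a Bleichenbacher-style oracle that reports PKCS#1 padding errors while staying silent on version mismatches. The RFC 5246 reference in the comments is real; the class and function names, the abstract input alphabet and the defects are assumptions of the example.

```python
"""Protocol state learning on a toy TLS-like server, then automatic analysis of the
learned machine. Added example, not code from the project or TLS-StateVulnFinder;
ToyTlsServer is a constructed model with two optional, constructed defects."""
from collections import deque
from itertools import product

# Abstract input alphabet: one symbol per client message the learner may send.
INPUTS = ("ClientHello", "ClientKeyExchange", "ClientKeyExchange(bad padding)",
          "ClientKeyExchange(bad version)", "ChangeCipherSpec", "Finished",
          "ApplicationData")
MALFORMED_CKE = INPUTS[2:4]
HAPPY_PATH = ("ClientHello", "ClientKeyExchange", "ChangeCipherSpec", "Finished")
NO_RESPONSE = "-"

class ToyTlsServer:
    """System under learning (SUL); the learner only calls reset() and step()."""

    def __init__(self, flawed=False, oracle=False):
        self.flawed, self.oracle = flawed, oracle
        self.reset()

    def reset(self):
        self.state = "INIT"

    def step(self, msg):
        # Constructed RSA handshake: (state, input) -> (next state, response).
        table = {
            ("INIT", "ClientHello"): ("HELLO_DONE", "ServerHello,Certificate,ServerHelloDone"),
            ("HELLO_DONE", "ClientKeyExchange"): ("KEY_EXCHANGED", NO_RESPONSE),
            # RFC 5246 7.4.7.1: a malformed premaster secret is not reported; the
            # server silently continues with a random premaster secret.
            ("HELLO_DONE", MALFORMED_CKE[0]): ("KEY_EXCHANGED", NO_RESPONSE),
            ("HELLO_DONE", MALFORMED_CKE[1]): ("KEY_EXCHANGED", NO_RESPONSE),
            ("KEY_EXCHANGED", "ChangeCipherSpec"): ("CCS_RECEIVED", NO_RESPONSE),
            ("CCS_RECEIVED", "Finished"): ("HANDSHAKE_DONE", "ChangeCipherSpec,Finished"),
            ("HANDSHAKE_DONE", "ApplicationData"): ("HANDSHAKE_DONE", "ApplicationData"),
        }
        if self.flawed:  # constructed logical flaw: data accepted before Finished
            table[("KEY_EXCHANGED", "ApplicationData")] = ("KEY_EXCHANGED", "ApplicationData")
        if self.oracle:  # constructed Bleichenbacher-style oracle: padding errors leak
            table[("HELLO_DONE", MALFORMED_CKE[0])] = ("CLOSED", "Alert(decrypt_error)")
        if self.state == "CLOSED":
            return NO_RESPONSE
        self.state, out = table.get((self.state, msg), ("CLOSED", "Alert(unexpected_message)"))
        return out

def query(sul, word):
    """Output query: reset the SUL, send the word, return the response sequence."""
    sul.reset()
    return tuple(sul.step(msg) for msg in word)

def learn_mealy(sul, inputs=INPUTS, depth=2):
    """Infer a Mealy machine from output queries alone. A state is identified by its
    responses to all input sequences of length <= depth (a characterization set, as
    in the W-method); new states are found breadth-first over access sequences. This
    assumes two distinct SUL states differ on some such sequence. Returns
    (transitions, access): transitions[(state, input)] = (next, output) and
    access[state] = shortest word reaching the state; state 0 is the initial state."""
    suffixes = [s for n in range(1, depth + 1) for s in product(inputs, repeat=n)]

    def signature(prefix):
        return tuple(query(sul, prefix + s)[len(prefix):] for s in suffixes)

    state_of, access, transitions = {signature(()): 0}, {0: ()}, {}
    todo = deque([(0, ())])
    while todo:
        src, prefix = todo.popleft()
        for msg in inputs:
            word = prefix + (msg,)
            sig = signature(word)
            if sig not in state_of:
                state_of[sig] = len(state_of)
                access[state_of[sig]] = word
                todo.append((state_of[sig], word))
            transitions[(src, msg)] = (state_of[sig], query(sul, word)[-1])
    return transitions, access

def run_model(transitions, word, state=0):
    """Replay a word on the learned model and return the state it ends in."""
    for msg in word:
        state, _ = transitions[(state, msg)]
    return state

def premature_app_data(transitions, access, happy_path=HAPPY_PATH):
    """Logical-flaw check: access words of states that answer ApplicationData with
    ApplicationData although they are not the state reached by the full handshake."""
    done = run_model(transitions, happy_path)
    return [access[s] for (s, msg), (_, out) in sorted(transitions.items())
            if msg == "ApplicationData" and out == "ApplicationData" and s != done]

def cke_oracle_states(transitions, malformed=MALFORMED_CKE):
    """Crypto-oracle check: states where differently malformed ClientKeyExchange
    messages are distinguishable by their response or their successor state."""
    return [s for s in sorted({s for s, _ in transitions})
            if len({transitions[(s, m)] for m in malformed}) > 1]

if __name__ == "__main__":  # usage: learn each variant and run both checks on it
    for kw in ({}, {"flawed": True}, {"oracle": True}):
        trans, acc = learn_mealy(ToyTlsServer(**kw))
        print(kw, len(acc), premature_app_data(trans, acc), cke_oracle_states(trans))
```

Running the module learns all three variants. Note that the correct and the flawed server have the same number of states; the flaw shows up only as an additional transition (ApplicationData accepted in the state reached after ClientKeyExchange), which is why the analysis inspects transitions and access sequences rather than state counts. The oracle check likewise compares the successors of the two malformed ClientKeyExchange inputs per state, since a server that follows RFC 5246 makes them indistinguishable.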
Publications
- TLS-Anvil: Adapting Combinatorial Testing for TLS Libraries. In Proceedings of the 31st USENIX Conference on Security Symposium (SEC ’22)
  Marcel Maehren, Philipp Nieting, Sven Hebrok, Robert Merget, Juraj Somorovsky & Jörg Schwenk
- Exploring the Unknown DTLS Universe: Analysis of the DTLS Server Ecosystem on the Internet. In Proceedings of the 32nd USENIX Conference on Security Symposium (SEC ’23)
  Nurullah Erinola, Marcel Maehren, Robert Merget, Juraj Somorovsky & Jörg Schwenk
- We Really Need to Talk About Session Tickets: A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets. In Proceedings of the 32nd USENIX Conference on Security Symposium (SEC ’23)
  Sven Hebrok, Simon Nachtigall, Marcel Maehren, Nurullah Erinola, Robert Merget, Juraj Somorovsky & Jörg Schwenk
- With Great Power Come Great Side Channels: Statistical Timing Side-Channel Analyses with Bounded Type-1 Errors. In Proceedings of the 33rd USENIX Conference on Security Symposium (SEC ’24)
  Martin Dunsche, Marcel Maehren, Nurullah Erinola, Robert Merget, Nicolai Bissantz, Juraj Somorovsky & Jörg Schwenk
