About KoTeBi //
The situation in software development
The Transport Layer Security (TLS) protocol is one of the most important security standards on computers and smartphones today. It secures communication over the internet, for example when streaming videos.
However, human errors in the implementation of TLS and other encryption protocols repeatedly lead to security gaps. These are becoming increasingly challenging as they result from complex combinations of different protocol versions and their sub-steps. This complex interaction is extremely difficult to anticipate during software development. Comprehensive security tests can provide a remedy, provided they take this complexity sufficiently into account.
KoTeBi at a Glance
All the answers about the KoTeBi project in our short video (German).
Our experts give you the insight.
// What is KoTeBi?
// Where is it used?
// How is the process working?
Goals of the KoTeBi Project
The goal of the project “Combinatorial testing of TLS libraries at all levels” (KoTeBi) is to identify and avoid vulnerabilities and compatibility problems during programming.
To achieve this, the researchers will develop a system that enables end-to-end testing of program libraries that implement specific protocols.
To this end, the project participants are researching methods for the automated detection of security vulnerabilities, which result in particular from the combination of protocol versions and their sub-steps. The goal is to enable software developers to test their own implementations with the tool so that security is already ensured during the development process.
The KoTeBi Process
Background and Details
Scientific presentation at the 20th German IT Security Congress (German).
Speaker:
◦ Conrad Schmidt (Hackmanit GmbH)
◦ Marcel Maehren (Ruhr-Universität Bochum)
Innovations and Prospects
Systematically and continuously recording vulnerabilities in security-critical software applications helps considerably to better secure services and products.
In the future, the project will enable the independent security analysis of in-house developments. This is promising, for example, with regard to new cryptographic procedures, which are increasingly needed today and in the future. This is because existing encryption protocols such as TLS were mostly developed for powerful computers. New methods are increasingly being developed for low-resource devices, such as those used in the Internet of Things.
In addition to employees in software development, testing institutes and supervisory authorities can also benefit from automated tests. For example, it is conceivable that the research results could be used for software certification tools. By making the development of communication protocols more secure, the researchers are making an important contribution to the future viability of Germany and Europe in a digital world.
Funded by the Federal Ministry of Education and Research // Coordinator - University of Paderborn - SICP
Project Partners - Hackmanit GmbH Bochum, InnoZent OWL e.V., Ruhr-University Bochum