dcypher.nl

U bent hier

DCSRA2016: Protocol state fuzzing of TLS implementations

DCSRA2016: Protocol state fuzzing of TLS implementations

21 March 2016

The research paper “Protocol state fuzzing of TLS implementations”, by Joeri de Ruiter and Erik Poll, is unanimously selected by the Jury as winning paper in the 2016 Dutch Cyber Security best Research paper Award (DCSRA) competition! Co-author, Erik Poll, receives the DCS best Research paper Award from Srdjan Capkun, member of the International DCSRA Jury 2016.
Prof. Srdjan Capkun en dr. ErikPoll
Erik Poll (RUN) and Srdjan Capkun (ETH Zurich)
 
Bonus cheque from IBM!
Erik Poll, representing the winning team of authors, also receives a special bonus from IBM, a €500 cheque from IBM Director Security Software Europe, Johan Arts.
 
Johan Arts (IBM) and Erik Poll (RUN)
 
 
International Jury
 
Three jury members, well-respected scientists in the international cybersecurity research arena: Prof. Srdjan Capkun (Switzerland), Dr. Wee Keong Ng (Singapore) and Prof. Bart Preneel (Belgium) individually ranked and collectively decided on the quality of the papers for the Dutch Cyber Security Research Award (DCSRA) 2016. During the ICT.OPEN 2016 track “New Challenges in Cyber Security and Privacy” all five invited authors received after their paper presentation a signed certificate in support of their highly appreciated research paper. The Jury called “Protocol state fuzzing of TLS implementations” the best paper out of a top five selection, resulting from a call for nominations. 
 
On the winning paper the Jury wrote the following assessment:
Transport Layer Security (TLS) protocol implementations are very important in today’s internet security.
The paper, presented at a top conference, uses an existing tool for black box analysis (state machine learning) techniques to recover the protocol state machine of commonly used implementation of TLS. Several new flaws were revealed, and it is also shown that several implementations have state machines which are more complex than needed. A clear conclusion is that state machines should be included in official protocol specifications to reduce implementation freedom. This approach has also been used for another security protocol (EMV). All in all, the Jury likes this paper very much for the solid scientific approach, the impact, the relevance, the excellent quality of the write-up and the conclusions with clear recommendations. 
 
 
From left to right all nominees of the Dutch Cyber Security best Research paper Award 2016:
Niels van Adrichem (TUD), Dennis Andriesse (VU), Michael Ciere (TUD), Er
ik Poll (RUN) and Carlo Meijer (RUN)
 
More information about the DCSRA 2016