Automated analysis of security-sensitive protocols

Oct 25, 2005

The sheer number and variety of security protocols for Internet applications under development makes it difficult to be sure that any one protocol is 100 per cent secure from attack. Now an automated tool can systematically validate these security-sensitive protocols and applications.

“The AVISPA software tool enables a security protocol designer to input the protocol and the language he/she wishes to use, then feeds back information on this protocol including any known bugs or security weaknesses,” says Professor Alessandro Armando of the University of Genoa’s Artificial Intelligence Laboratory (DIST) and coordinator of the IST programme-backed Future and Emerging Technologies project AVISPA. “Previously such protocol designers had no automated support to help them in their design role – that is the purpose of the AVISPA tool."

Secure protocols are a vital element in carrying out safe online interactions between a user’s Web browser and a company Web server, for example a bank’s Web server in an online banking application. Though such protocols might look simple, they can often be extremely difficult to get absolutely right, such as with no bugs or weaknesses in the protocol.

Armando quotes the classic example of the Needham-Schroeder public-key protocol, which was first published in 1978 as a means of mutual authentication between two parties using public-key cryptography. The protocol was eventually found to be vulnerable to simple attacks in 1996, eighteen years later!

AVISPA participants aimed to develop a push-button, industrial-strength technology for the analysis of such security-sensitive Internet protocols and applications. The project finished in July 2005 with the release of the AVISPA tool, which is a simple software application that runs on a PC or via a Web interface. It can be accessed online, and offers both a Basic and an Expert mode.

The consortium partners believe that this new tool will help speed the development of the next generation of security protocols, and improve their security in the process.

Project partner Siemens has already discovered a weakness in one of its own protocols using the tool, and has revised the protocol and issued a new patent accordingly. The partners have started collaborating with SAP for continuing the analysis of more complex security-sensitive applications under future research projects.

Source: IST Results

Explore further: NEC profit jumps 70% after smartphone overhaul

Related Stories

How to kill a protein

19 hours ago

For decades scientists have been looking closely at how our cells make proteins. But the inverse is equally important: how cells kill them.

Redirect to SMB vulnerability in Windows discovered

Apr 14, 2015

News stories on tech spots on Monday reported that the Irvine, California, security company Cylance's SPEAR research team discovered a vulnerability relating to all versions of Windows including the Windows ...

Future privacy technologies protect personal data better

Apr 09, 2015

In Estonia, the public and private sector have databases the merging and analysis of which could help the state and enterprises make better management decisions. However, such consolidation of data would be a serious threat ...

Recommended for you

Japan eyes nuclear for a fifth of electricity supply

1 hour ago

A fifth of Japan's electricity supply should come from nuclear power generation, the country's industry ministry said Tuesday, despite widespread opposition in the aftermath of the Fukushima disaster.

Sunfire, Audi en route to synthetic fuel of future

1 hour ago

How are scientific minds doing in coming up with a synthetic fuel as a viable alternative to petroleum? For some engineers, this is a long-held dream they refuse to dismiss. A Dresden-based company, sunfire, ...

Yahoo unveils new online video series

3 hours ago

US Internet giant Yahoo said it was expanding its online offerings, unveiling 18 new video series with which it hopes to attract a larger audience and advertisers.

Apple's Mac is selling strong, iPad not so much

4 hours ago

Apple's iPhone was again the company's star in the first three months of the year. The tech giant sold 61 million iPhones, or 40 percent more than in the same period a year ago. That represented about two-thirds ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.