AutoSCA: Automated vulnerability analysis of cryptographic protocols

    achelos improves software development in security-relevant industrial 

Advancements in Industrie 4.0 are driving forward the networking of systems and machines, the Industrial Internet of Things (IIoT). This heightened networking serves as a pivotal stepping stone towards the intelligent, adaptable ‘factory of the future’, offering unprecedented potential for process optimisation. At the same time, however, this expansion also amplifies the vulnerability of a company’s IT infrastructure to possible cyber threats. As a result, the continuous reinforcement of IT security in companies is of paramount importance, enabling the rapid detection and assessment of both existing and emerging security risks.


Project duration: 05/2020 - 04/2022

Project partners in the overall project:

  • Universität Paderborn
  • Bergische Universität Wuppertal
  • achelos GmbH, Paderborn

Associated partners:

  • TÜViT GmbH

Group Coordinator: Universität Paderborn

Project contribution by achelos (sub-project): Automated TLS analysis tools based on machine learning

Project volume: €0.79 million (92% of which is funded by the Federal Ministry of Education and Research (BMBF))

Project sponsor: VDI/VDE Innovation + Technik GmbH

Project website (in German): AutoSCA

Continuously assessing the efficacy of implemented protective measures poses a significant challenge within complex and heterogeneous system landscapes. This challenge is particularly pertinent in software security, given the often daunting number of lines of code. As a result, automated testing of the correctness of software implementations is essential to reduce the workload on specialised personnel. In the AutoSCA project, novel methods for automatically detecting vulnerabilities are being researched and refined. Effective and efficient automation is possible through the combination of new insights in IT security with artificial intelligence (AI) methods. The primary focus lies on vulnerabilities stemming from physical or logical side effects in implementations, commonly known as side channels. The developed methods are translated into a tool for automating the detection of software side channels, enabling thorough evaluation.

Classification in the Reference Architecture Model Industrie 4.0 (RAMI 4.0)

In interdisciplinary teams comprising cryptographers and machine learning experts, achelos cultivates expertise in machine learning fundamentals and appropriate machine learning methods. This knowledge is leveraged to uncover additional cryptographic vulnerabilities using achelos’ test suites for secure network protocols.

Within the AutoSCA framework, achelos aims to achieve the following objectives:

  • Cultivating expertise in machine learning fundamentals and methodologies by collaborating with the specialist groups involved, facilitating the discovery of cryptographic vulnerabilities
  • Improving the quality, in particular the test coverage, of existing test suites through the algorithms developed within this funding project
  • Automating the generation of test data for seamless integration into existing test environments
  • Conducting field tests to assess practical usability

For more information on the AutoSCA funded project

Dr. Claudia Priesterjahn

Team Lead Research & Secure Communication Development

claudia.priesterjahn@achelos.de +49 5251 14212-0