Even the smallest adjustments in TLS libraries can lead to far-reaching security vulnerabilities. With KoTeBi, we detect and prevent potential vulnerabilities before they are published.
// Prof. Dr. Juraj Somorovsky - University of Paderborn / CTO Hackmanit GmbH

About KoTeBi //

The situation in software development

The Transport Layer Security (TLS) protocol is one of the most important security standards on computers and smartphones today. It secures communication over the internet, for example when streaming videos.

However, human errors in the implementation of TLS and other encryption protocols repeatedly lead to security gaps. These gaps are becoming increasingly challenging because they result from complex combinations of different protocol versions and their sub-steps. This complex interaction is extremely difficult to anticipate during software development. Comprehensive security tests can remedy this, provided they take this complexity sufficiently into account.

KoTeBi at a Glance

All the answers about the KoTeBi project in our short video (German). Our experts give you the insight.

// What is KoTeBi?
// Where is it used?
// How does the process work?

Goals of the KoTeBi Project

The goal of the project "Combinatorial testing of TLS libraries at all levels" (KoTeBi) is to identify and avoid vulnerabilities and compatibility problems during programming.

To achieve this, the researchers will develop a system that enables end-to-end testing of program libraries that implement specific protocols.

To this end, the project participants are researching methods for the automated detection of security vulnerabilities, in particular those that result from the combination of protocol versions and their sub-steps. The goal is to enable software developers to test their own implementations with the tool so that security is already ensured during the development process.

The KoTeBi Process

[Figure: KoTeBi process diagram]

Background and Details

Scientific presentation at the 20th German IT Security Congress (German).

Speakers:
◦ Conrad Schmidt (Hackmanit GmbH)
◦ Marcel Maehren (Ruhr-Universität Bochum)

Innovations and Prospects

If vulnerabilities in security-critical software applications are systematically and continuously recorded, this helps considerably to better secure services and products.

In the future, the project will enable the independent security analysis of in-house developments. This is promising, for example, with regard to new cryptographic procedures, which are increasingly needed today and in the future. This is because existing encryption protocols such as TLS were mostly developed for powerful computers. New methods are increasingly being developed for low-resource devices, such as those used in the Internet of Things.

In addition to employees in software development, testing institutes and supervisory authorities can also benefit from automated tests. For example, it is conceivable that the research results could be used for software certification tools. By making the development of communication protocols more secure, the researchers are making an important contribution to the future viability of Germany and Europe in a digital world.
Funded by the Federal Ministry of Education and Research // Coordinator - University of Paderborn - SICP
Project Partners - Hackmanit GmbH Bochum, InnoZent OWL e.V., Ruhr-University Bochum