- Sponsored by:
Home 
Reports
Information Technology
Content
Automated analysis of security-sensitive protocols
next article
26.10.2005
The sheer number and variety of security protocols for Internet applications under development makes it difficult to be sure that any one protocol is 100 per cent secure from attack. Now an automated tool can systematically validate these security-sensitive protocols and applications.
"The AVISPA software tool enables a security protocol designer to input the protocol and the language he/she wishes to use, then feeds back information on this protocol including any known bugs or security weaknesses,” says Professor Alessandro Armando of the University of Genoa’s Artificial Intelligence Laboratory (DIST) and coordinator of the IST programme-backed Future and Emerging Technologies project AVISPA. “Previously such protocol designers had no automated support to help them in their design role – that is the purpose of the AVISPA tool."
Secure protocols are a vital element in carrying out safe online interactions between a user’s Web browser and a company Web server, for example a bank’s Web server in an online banking application. Though such protocols might look simple, they can often be extremely difficult to get absolutely right, such as with no bugs or weaknesses in the protocol.
Armando quotes the classic example of the Needham-Schroeder public-key protocol, which was first published in 1978 as a means of mutual authentication between two parties using public-key cryptography. The protocol was eventually found to be vulnerable to simple attacks in 1996, eighteen years later!
AVISPA participants aimed to develop a push-button, industrial-strength technology for the analysis of such security-sensitive Internet protocols and applications. The project finished in July 2005 with the release of the AVISPA tool, which is a simple software application that runs on a PC or via a Web interface. It can be accessed online, and offers both a Basic and an Expert mode.
The consortium partners believe that this new tool will help speed the development of the next generation of security protocols, and improve their security in the process.
Project partner Siemens has already discovered a weakness in one of its own protocols using the tool, and has revised the protocol and issued a new patent accordingly. The partners have also been joined by SAP and submitted the AVISPA results for inclusion into a potential new IST project AVACOSS which will analyse more complex security-sensitive applications.
Tara Morris | Source: alphagalileo
Further information: istresults.cordis.lu/
next article
More articles from 
Information Technology:
Boosting the capabilities of emergency relief efforts
13.10.2008 | ICT Results
Innovative search for world’s biggest physics laboratory
08.10.2008 | Fraunhofer-Institut fuer Graphische Datenverarbeitung IGD
Top
Send this article
PrintAdditional Sponsors | |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 | |
 |
 |
 |
 |
 | |
 |
 |
 | |
 |
 |
 |
 |
 |  |
 |
|
 |
 |
 |
 |
 |
 |
 | |
 |
 |
 | |
  | |
  | |
 |
 |
 |
 |
 | |
 |
 |
 | |
 | |
 | |
 |
|
 | |
 | |
 | |
 | |
 | |
B2B Search
Company / Organisation
Latest News
Brightening the future for optical circuits
13.10.2008 | Physics and Astronomy
Scientists discover bacteria that can cause bone infections
13.10.2008 | Life Sciences
Europe Rallies Behind Nanotechnology To Wean World From Fossil Fuels
13.10.2008 | Ecology, The Environment and Conservation
Home 
About us 
Partner 
Contact 
Sitemap 
find and help 
Deutsch
Disclaimer
2000-2008 by innovations-report