Proactively improving the security of protocol implementations
It is very common for protocol specifications to include flaws that have security implications. In other cases, protocol specifications leave room for a variety of implementation strategies, some of which lead to security vulnerabilities.
A number of companies offer robustness testing tools which generate unexpected protocol messages or message sequences, testing the readiness of an implementation to gracefully handle such messages, with the goal of finding implementation flaws (which seldom have security implications). While these tools have their value in helping improve the robustness of the assessed implementations, they are no replacement for a thorough security assessment of a protocol and its corresponding implementations.
SI6 Networks provides world-class expertise in discovering protocol design and implementation flaws, and in designing possible mitigations for the identified issues. We generally apply the following methodology when performing a security assessment of a protocol implementation:
- A security assessment of the protocol specifications is performed, identifying protocol design flaws and potential implementation flaws
- Security assessment tools are produced such that implementations can be assessed with respect to the identified issues
- Exhaustive testing is performed with the target implementations
- Countermeasures for the identified vulnerabilities are designed, implemented, and tested
- Our findings are reported to the vendor, together with the possible mitigation techniques
We pride ourselves on our outstanding work in the area of communications protocols security, and are always keen to apply our expertise to new protocols and products. Please do not hesitate to contact us for any inquiries.