It is very common for protocol specifications to include flaws that have security implications. In other cases, protocol specifications leave room for a variety of implementation strategies, some of which lead to security vulnerabilities.
A number of companies offer robustness testing tools which generate unexpected protocol messages or message sequences, testing the readiness of an implementation to gracefully handle such messages, with the goal of finding implementation flaws (which seldom have security implications). While these tools have their value in helping improve the robustness of the assessed implementations, they cannot replace a thorough security assessment of a protocol and its corresponding implementation(s).
SI6 Networks provides world-class expertise in discovering protocol design and implementation flaws, and designing possible mitigations for the identified issues. We generally apply the following methodology when performing a security assessment of a communications technology:
- A security assessment of the protocol specifications is performed, identifying protocol design flaws and potential implementation flaws
- Security assessment tools are produced such that implementations can be assessed with respect to the identified issues
- Exhaustive testing is performed with the target implementations
- Countermeasures for the identified vulnerabilities are designed, implemented, and tested
- Our findings are reported to the vendor, together with the possible mitigation techniques
- We pursue the standardization of our mitigation techniques, for the benefit of the community as a whole
We pride ourselves on our outstanding work in the area of communications protocols security, and are always keen to apply our expertise to new protocols and products. Please do not hesitate to contact us for any inquiries.