TLS/SSL is one of the 3 essential cryptographic protocols used today (together with SSH and IPSec). It is widely used in securing e-commerce, Internet browsing, email, Voice over IP, and in almost every search and connection query made on the Internet today. All Internet browsers, including Internet Explorer, Mozilla Firefox, and Google Chrome, support TLS.
Despite its importance, TLS still presents many security flaws in its conception.
For many years, the complex structure of TLS 1.2 made it nearly impossible to analyze. Later breakthroughs in protocol analysis indicated a partially-sound design [JKS+12], [KPW13], [BFK+14]. However, attacks such as FREAK , LogJam, 3Shake, SKIP, SLOTH, Lucky 13, and DROWN bely such results, and raise concerns over the security of today's Internet use.As a consequence, a new version i.e. TLS 1.3 has recently been drafted.
Our project, SafeTLS, addresses the security of both TLS 1.3 and of TLS 1.2 as they are (expected to be) used, in three important ways:
* A better understanding: We will provide a better understanding of how TLS 1.2 and 1.3 are used in real-world applications.
* Empowering clients: By developing a tool that will show clients the quality of their TLS connection and inform them of potential security and privacy risks.
* Analyzing implementations: We will analyze the soundness of current TLS 1.2 implementations and use automated verification to provide a backbone of a secure TLS 1.3 implementation.