Cyber security award goes to Poll and De Ruiter

25 March 2016

During ICT.OPEN 2016 on March 22, 2016, the research paper “Protocol state fuzzing of TLS implementations”, by Joeri de Ruiter and Erik Poll, was unanimously selected by the Jury as winning paper in the 2016 Dutch Cyber Security best Research paper Award (DCSRA) competition. Co-author, Erik Poll, received the Award from Srdjan Capkun, member of the International DCSRA Jury 2016.

Johan Arts (IBM), Erik Poll (RUN)

Bonus cheque from IBM
Erik Poll, representing the winning team of authors, also received a special bonus from IBM, a €500 cheque from IBM Director Security Software Europe, Johan Arts.

International Jury
The jury members, Prof. Srdjan Capkun (Switzerland), Dr. Wee Keong Ng (Singapore) and Prof. Bart Preneel (Belgium), individually ranked and collectively decided on the quality of the papers for the Dutch Cyber Security Research Award (DCSRA) 2016. During the ICT.OPEN 2016 track “New Challenges in Cyber Security and Privacy” all five invited authors received a signed certificate in support of their highly appreciated research paper.

The jury report:
Transport Layer Security (TLS) protocol implementations are very important in today’s internet security.
The paper uses an existing tool for black box analysis (state machine learning) techniques to recover the protocol state machine of commonly used implementation of TLS. Several new flaws were revealed, and it is also shown that several implementations have state machines which are more complex than needed. A clear conclusion is that state machines should be included in official protocol specifications to reduce implementation freedom. This approach has also been used for another security protocol (EMV). All in all, the Jury likes this paper very much for the solid scientific approach, the impact, the relevance, the excellent quality of the write-up and the conclusions with clear recommendations.


Source: NWO