About the project
Project Name: SCoP – Secure-by-design Communication Protocols
Create an open, secure and resource-efficient infrastructure to engineer a modern basis for open messaging (for existing and emerging protocols) using type-safe languages and unikernels.
Over the past few decades, email has become massively widespread among both individuals and companies. Billions of emails are sent every day, and this number is expected to reach 333 billion emails exchanged daily in 2022. As managing internet communication software stacks has become increasingly complex, end-users tend to delegate this task to third-party companies like Google and Microsoft. Moreover, existing implementations of these communication services rely on ad-hoc methodologies and memory-unsafe languages, where minor developer errors can easily escalate into major security flaws. The centralization of communication services means that a successful attack can lead to major personal data breaches.
To fix this issue, this project aims to engineer a modern basis for open messaging that supports existing protocols such as email but is also extensible and customizable for emerging protocols such as Matrix. We will build trustworthy implementations of these open protocols using type-safe languages, and we will deploy these implementations as specialized, secure and resource-efficient unikernels. They will become the basis of the communication system of OSMOSE, Tarides’ commercial solution for secure-by-design IoT infrastructure.
Every component of that system will be carefully designed as an independent library, using modern development techniques to avoid commonly reported threats and flaws. For instance, the protocol parsers and serializers will be written in a type-safe language and will be tested with fuzzing, e.g. state-of-the-art coverage-driven testing. The combination of these techniques will increase users’ trust in migrating their personal data to these new secure services.
Moreover, these techniques are also useful to produce a large and reusable corpus of test materials, and we also plan to release this corpus of tests separately for other implementations to use. It will give the tools to other developers to write the next-generation messaging applications by extending the existing protocols with more confidence.
Achievements from the first phase of the DAPSI programme
We generated a collection of emails to test our parser implementation against existing projects, and the encoder and decoder remain equivalent across them. We have successfully parsed and encoded 1 million emails!
Secondly, we implemented an SMTP extension mechanism and support for SPF, including an implementation of DMARC, a security framework that works in addition to DKIM and SPF. We’ve completed four components: SPF, DKIM, SMTP, and MrMIME, which can generate a correctly signed email, signatures, and the DKIM field containing the signatures.
Next, we completed the Matrix protocol’s client library and used it to enable notifications from the CI system that tests all new OCaml packages. We also developed an initial PoC for a Matrix server-side daemon.
Finally, we also made significant headway toward implementing DNSSEC, which is a set of security extensions over DNS. While we completed our first investigation into the DNSSEC prototype, we also discovered several issues, so we’re currently working to address those as we head into Phase 2.
Since privacy and security concerns across the internet have increased over the past few years, the Tarides team has focused its efforts on addressing these issues and finding solutions to protect both personal and professional data. The DAPSI project gave Tarides the incentive and inspiration to further explore an open and secure infrastructure for communication protocols, especially for emails. We truly enjoyed participating in the DAPSI project! We’re proud to have passed Phase 1, and we’re looking forward to Phase 2.
The Tarides team