Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing

Iaroslav Gridin; Antonis Michalas

doi:10.1007/978-981-97-8801-9_3

Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing

Iaroslav Gridin, Antonis Michalas

Tietotekniikka

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

Abstrakti

Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.

Alkuperäiskieli	Englanti
Otsikko	Information and Communications Security
Alaotsikko	26th International Conference, ICICS 2024, Mytilene, Greece, August 26–28, 2024, Proceedings, Part II
Sivut	43-62
Sivumäärä	20
ISBN (elektroninen)	978-981-97-8801-9
DOI - pysyväislinkit	https://doi.org/10.1007/978-981-97-8801-9_3
Tila	Julkaistu - 2024
OKM-julkaisutyyppi	A4 Artikkeli konferenssijulkaisussa
Tapahtuma	International Conference on Information and Communications Security - Mytilene, Kreikka Kesto: 26 elok. 2024 → 28 elok. 2024

Julkaisusarja

Nimi	Lecture Notes in Computer Science
Vuosikerta	15057
ISSN (elektroninen)	1611-3349

Conference

Conference	International Conference on Information and Communications Security
Maa/Alue	Kreikka
Kaupunki	Mytilene
Ajanjakso	26/08/24 → 28/08/24

Julkaisufoorumi-taso

Jufo-taso 1

Pääsy asiakirjaan

10.1007/978-981-97-8801-9_3

Siteeraa tätä

Gridin, I., & Michalas, A. (2024). Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing. teoksessa Information and Communications Security : 26th International Conference, ICICS 2024, Mytilene, Greece, August 26–28, 2024, Proceedings, Part II (Sivut 43-62). (Lecture Notes in Computer Science; Vuosikerta 15057). https://doi.org/10.1007/978-981-97-8801-9_3

@inproceedings{b2024d049272460382c6597ea362cc06,

title = "Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing",

abstract = "Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.",

author = "Iaroslav Gridin and Antonis Michalas",

year = "2024",

doi = "10.1007/978-981-97-8801-9_3",

language = "English",

series = "Lecture Notes in Computer Science",

pages = "43--62",

booktitle = "Information and Communications Security",

note = "International Conference on Information and Communications Security ; Conference date: 26-08-2024 Through 28-08-2024",

}

Gridin, I & Michalas, A 2024, Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing. julkaisussa Information and Communications Security : 26th International Conference, ICICS 2024, Mytilene, Greece, August 26–28, 2024, Proceedings, Part II. Lecture Notes in Computer Science, Vuosikerta 15057, Sivut 43-62, International Conference on Information and Communications Security, Mytilene, Kreikka, 26/08/24. https://doi.org/10.1007/978-981-97-8801-9_3

Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing. / Gridin, Iaroslav ; Michalas, Antonis.
Information and Communications Security : 26th International Conference, ICICS 2024, Mytilene, Greece, August 26–28, 2024, Proceedings, Part II. 2024. s. 43-62 (Lecture Notes in Computer Science; Vuosikerta 15057).

Tutkimustuotos: Konferenssiartikkeli › Tieteellinen › vertaisarvioitu

TY - GEN

T1 - Point Intervention

T2 - International Conference on Information and Communications Security

AU - Gridin, Iaroslav

AU - Michalas, Antonis

PY - 2024

Y1 - 2024

N2 - Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.

AB - Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.

U2 - 10.1007/978-981-97-8801-9_3

DO - 10.1007/978-981-97-8801-9_3

M3 - Conference contribution

T3 - Lecture Notes in Computer Science

SP - 43

EP - 62

BT - Information and Communications Security

Y2 - 26 August 2024 through 28 August 2024

ER -

Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing

Abstrakti

Julkaisusarja

Conference

Julkaisufoorumi-taso

Pääsy asiakirjaan

Sormenjälki

Siteeraa tätä