Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing
- URL: http://arxiv.org/abs/2407.08535v1
- Date: Thu, 11 Jul 2024 14:21:48 GMT
- Title: Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing
- Authors: Iaroslav Gridin, Antonis Michalas,
- Abstract summary: We present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries.
The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives.
- Score: 1.6651146574124565
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.
Related papers
- CryptoFormalEval: Integrating LLMs and Formal Verification for Automated Cryptographic Protocol Vulnerability Detection [41.94295877935867]
We introduce a benchmark to assess the ability of Large Language Models to autonomously identify vulnerabilities in new cryptographic protocols.
We created a dataset of novel, flawed, communication protocols and designed a method to automatically verify the vulnerabilities found by the AI agents.
arXiv Detail & Related papers (2024-11-20T14:16:55Z) - FoC: Figure out the Cryptographic Functions in Stripped Binaries with LLMs [54.27040631527217]
We propose a novel framework called FoC to Figure out the Cryptographic functions in stripped binaries.
We first build a binary large language model (FoC-BinLLM) to summarize the semantics of cryptographic functions in natural language.
We then build a binary code similarity model (FoC-Sim) upon the FoC-BinLLM to create change-sensitive representations and use it to retrieve similar implementations of unknown cryptographic functions in a database.
arXiv Detail & Related papers (2024-03-27T09:45:33Z) - DT-SIM: Property-Based Testing for MPC Security [2.0308771704846245]
Property-based testing is effective for detecting security bugs in secure protocols.
We specifically target Secure Multi-Party Computation (MPC)
We devise a test that can detect various flaws in a bit-level implementation of an MPC protocol.
arXiv Detail & Related papers (2024-03-08T02:02:24Z) - Secure Synthesis of Distributed Cryptographic Applications (Technical Report) [1.9707603524984119]
We advocate using secure program partitioning to synthesize cryptographic applications.
This approach is promising, but formal results for the security of such compilers are limited in scope.
We develop a compiler security proof that handles subtleties essential for robust, efficient applications.
arXiv Detail & Related papers (2024-01-06T02:57:44Z) - Zero-Shot Detection of Machine-Generated Codes [83.0342513054389]
This work proposes a training-free approach for the detection of LLMs-generated codes.
We find that existing training-based or zero-shot text detectors are ineffective in detecting code.
Our method exhibits robustness against revision attacks and generalizes well to Java codes.
arXiv Detail & Related papers (2023-10-08T10:08:21Z) - CryptoBap: A Binary Analysis Platform for Cryptographic Protocols [6.514727189942011]
We introduce CryptoBap, a platform to verify weak secrecy and authentication for cryptographic protocols.
We achieve this by first transpiling the binary of protocols into an intermediate representation and then performing a crypto-aware symbolic execution.
We prove the soundness of the proposed approach and used CryptoBap to verify multiple case studies ranging from toy examples to real-world protocols.
arXiv Detail & Related papers (2023-08-28T09:41:45Z) - A Security Verification Framework of Cryptographic Protocols Using
Machine Learning [0.0]
We propose a security verification framework for cryptographic protocols using machine learning.
We create arbitrarily large datasets by automatically generating random protocols and assigning security labels to them.
We evaluate the proposed method by applying it to verification of practical cryptographic protocols.
arXiv Detail & Related papers (2023-04-26T02:37:43Z) - Secure access system using signature verification over tablet PC [62.21072852729544]
We describe a highly versatile and scalable prototype for Web-based secure access using signature verification.
The proposed architecture can be easily extended to work with different kinds of sensors and large-scale databases.
arXiv Detail & Related papers (2023-01-11T11:05:47Z) - SafePILCO: a software tool for safe and data-efficient policy synthesis [67.17251247987187]
SafePILCO is a software tool for safe and data-efficient policy search with reinforcement learning.
It extends the known PILCO algorithm, originally written in Python, to support safe learning.
arXiv Detail & Related papers (2020-08-07T17:17:30Z) - LabelEnc: A New Intermediate Supervision Method for Object Detection [78.74368141062797]
We propose a new intermediate supervision method, named LabelEnc, to boost the training of object detection systems.
The key idea is to introduce a novel label encoding function, mapping the ground-truth labels into latent embedding.
Experiments show our method improves a variety of detection systems by around 2% on COCO dataset.
arXiv Detail & Related papers (2020-07-07T08:55:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.