Lars-Åke Fredlund, Clara Benac Earle, T. Arts, Hans Svensson
{"title":"Gaining trust by tracing security protocols","authors":"Lars-Åke Fredlund, Clara Benac Earle, T. Arts, Hans Svensson","doi":"10.1145/3331542.3342573","DOIUrl":null,"url":null,"abstract":"In this article we test an Erlang implementation of the Noise Protocol Framework, using a novel form of white-box testing. We extend interoperability testing of an Erlang enoise implementation against an implementation of Noise in C. Testing typically performs a noise protocol handshake between the two implementations. If successful, then both implementations are somehow compatible. But this does, for example, not detect whether we reuse keys that have to be newly generated. Therefore we extend such operability testing: During the handshake the Erlang noise implementation is traced. The resulting protocol trace is refactored, obtaining as the end result a symbolic description (a functional term) of how key protocol values are constructed using cryptographic operations and keys. Therafter, this symbolic term is compared, using term rewriting, with a symbolic term representing the ideal symbolic execution of the tested noise protocol handshake (i.e., the \"semantics\" of the handshake). The semantic symbolic term is obtained by executing a symbolic implementation of the noise protocol that we have developed.","PeriodicalId":115673,"journal":{"name":"Proceedings of the 18th ACM SIGPLAN International Workshop on Erlang","volume":"36 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th ACM SIGPLAN International Workshop on Erlang","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3331542.3342573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In this article we test an Erlang implementation of the Noise Protocol Framework, using a novel form of white-box testing. We extend interoperability testing of an Erlang enoise implementation against an implementation of Noise in C. Testing typically performs a noise protocol handshake between the two implementations. If successful, then both implementations are somehow compatible. But this does, for example, not detect whether we reuse keys that have to be newly generated. Therefore we extend such operability testing: During the handshake the Erlang noise implementation is traced. The resulting protocol trace is refactored, obtaining as the end result a symbolic description (a functional term) of how key protocol values are constructed using cryptographic operations and keys. Therafter, this symbolic term is compared, using term rewriting, with a symbolic term representing the ideal symbolic execution of the tested noise protocol handshake (i.e., the "semantics" of the handshake). The semantic symbolic term is obtained by executing a symbolic implementation of the noise protocol that we have developed.