Title: Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing
Authors: Iaroslav Gridin and Antonis Michalas
Venue: 26th International Conference on Information and Communications Security (ICICS’24), 26—28 August, 2024, Mytilene, Greece.
Research Artifact: CODE
Abstract: Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows to creates easily and securely create testing modules for cryptographic libraries. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities and suggest ways to improve and further develop the ACVP test format.
