A property-based testing framework for encryption programs

  • Research Article
  • Frontiers of Computer Science

Abstract

In recent years, a variety of encryption algorithms were proposed to enhance the security of software and systems. Validating whether encryption algorithms are correctly implemented is a challenging issue. Software testing delivers an effective and practical solution, but it also faces the oracle problem (that is, under many practical situations, it is impossible or too computationally expensive to know whether the output for any given input is correct). In this paper, we propose a property-based approach to testing encryption programs in the absence of oracles. Our approach makes use of the so-called metamorphic properties of encryption algorithms to generate test cases and verify test results. Two case studies were conducted to illustrate the proposed approach and validate its effectiveness. Experimental results show that even without oracles, the proposed approach can detect nearly 50% inserted faults with at most three metamorphic relations (MRs) and fifty test cases.
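An added illustration of the approach, not code from the paper: two relations known to hold for textbook RSA (multiplicativity and the encrypt/decrypt round trip) are checked on random inputs against a hand-written modular exponentiation with two seeded faults. The toy key, the fault names and the choice of relations are assumptions made for this example; the page does not list the paper's own MRs.

```python
import random

# Constructed toy key for textbook (unpadded) RSA: p = 61, q = 53.
N, E, D = 3233, 17, 2753

def modexp(base, exp, mod, fault=None):
    """Square-and-multiply; `fault` switches on one hypothetical seeded bug."""
    result = 2 if fault == "bad_init" else 1          # mutant: constant 1 -> 2
    base %= mod
    while exp > 0:
        # mutant "bad_bit_test": operator & replaced by |, so every bit counts as set
        bit = (exp | 1) if fault == "bad_bit_test" else (exp & 1)
        if bit:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result

def mr_multiplicative(enc, dec, m1, m2):
    """E(m1) * E(m2) mod N must equal E(m1 * m2 mod N)."""
    return (enc(m1) * enc(m2)) % N == enc((m1 * m2) % N)

def mr_round_trip(enc, dec, m1, m2):
    """D(E(m)) must give back m; uses the program's own decryption."""
    return dec(enc(m1)) == m1 and dec(enc(m2)) == m2

def count_violations(fault, trials=50, seed=1):
    """Run both relations on random plaintexts; no expected ciphertext is used."""
    rng = random.Random(seed)
    enc = lambda m: modexp(m, E, N, fault)
    dec = lambda c: modexp(c, D, N, fault)
    counts = {"multiplicative": 0, "round_trip": 0}
    for _ in range(trials):
        m1, m2 = rng.randrange(2, N), rng.randrange(2, N)
        counts["multiplicative"] += not mr_multiplicative(enc, dec, m1, m2)
        counts["round_trip"] += not mr_round_trip(enc, dec, m1, m2)
    return counts

if __name__ == "__main__":
    for fault in (None, "bad_bit_test", "bad_init"):
        print(fault, count_violations(fault))
```

The exponent fault passes the multiplicative relation on every input, because any fixed power of m is still multiplicative, and is exposed only by the round trip. This is why the set of relations chosen determines which faults a test suite without an oracle can see.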



Author information

Corresponding author

Correspondence to Chang-ai Sun.

Additional information

Chang-ai Sun is an associate professor at the School of Computer and Communication Engineering, University of Science and Technology Beijing, China. Before that, he was an assistant professor at Beijing Jiaotong University, China, a postdoctoral fellow at Swinburne University of Technology, Australia, and a postdoctoral fellow at the University of Groningen, the Netherlands. He received a bachelor's degree in computer science from University of Science and Technology Beijing, China, and a PhD degree in computer science from Beihang University, China. His research interests include software testing, software architecture, and service-oriented computing.

Zuoyi Wang is a master's student at the School of Computer and Communication Engineering, University of Science and Technology Beijing, China. She received a bachelor's degree in computer science from University of Science and Technology Beijing, China. Her research interests are software testing and service-oriented computing.

Guan Wang is a master's student at the School of Computer and Communication Engineering, University of Science and Technology Beijing, China. He received a bachelor's degree in computer science from University of Science and Technology Beijing, China. His research interests are software testing and service-oriented computing.


About this article

Cite this article

Sun, Ca., Wang, Z. & Wang, G. A property-based testing framework for encryption programs. Front. Comput. Sci. 8, 478–489 (2014). https://doi.org/10.1007/s11704-014-3040-y


  • DOI: https://doi.org/10.1007/s11704-014-3040-y
