Experience of Implementation of the Protocol TLS 1.3 Verification

This paper presents the experience of verifying server implementations of the TLS cryptographic protocol version 1.3. TLS is a widely used cryptographic protocol designed to create secure data transmission channels and provides the necessary functionality for this: confidentiality of the transmitted data, data integrity, and authentication of the parties. The new version 1.3 of the TLS protocol was introduced in August 2018 and has a number of significant differences compared to the previous version 1.2. A number of TLS developers have already included support for the latest version in their implementations. These circumstances make it relevant to do research in the field of verification and security of the new TLS protocol implementations. We used a new test suite for verifying implementations of the TLS 1.3 for compliance with Internet specifications, developed on the basis of the RFC8446, using UniTESK technology and mutation testing methods. The current work is part of the TLS 1.3 protocol verification project and covers some of the additional functionality and optional protocol extensions. To test implementations for compliance with formal specifications, UniTESK technology is used, which provides testing automation tools based on the use of finite state machines. The states of the system under test define the states of the state machine, and the test effects are the transitions of this machine. When performing a transition, the specified impact is passed to the implementation under test, after which the implementation's reactions are recorded and a verdict is automatically made on the compliance of the observed behavior with the specification. Mutational testing methods are used to detect non-standard behavior of the system under test by transmitting incorrect data. Some changes are made to the protocol exchange flow created in accordance with the specification: either the values of the message fields formed on the basis of the developed protocol model are changed, or the order of messages in the exchange flow is changed. The protocol model allows one to make changes to the data flow at any stage of the network exchange, which allows the test scenario to pass through all the significant states of the protocol and in each such state to test the implementation in accordance with the specified program. So far, several implementations have been found to deviate from the specification. The presented approach has proven effective in several of our projects when testing network protocols, providing detection of various deviations from the specification and other errors.

100 kW Three-Phase Wireless Charger for EV: Experimental Validation Adopting Opposition Method

This paper presents the experimental validation, using the opposition method, of a high-power three-phase Wireless-Power-Transfer (WPT) system for automotive applications. The system under test consists of three coils with circular sector shape overlapped to minimize the mutual cross-coupling, a three-phase inverter at primary side and a three-phase rectifier at receiver side. In fact thanks to the delta configuration used to connect the coils of the electromagnetic structure, a three-phase Silicon Carbide (SiC) inverter is driving the transmitter side. The resonance tank capacitors are placed outside of the delta configuration reducing in this way their voltage sizing. This WPT system is used as a 100 kW–85 kHz ultrafast battery charger for light delivery vehicle directly supplied by the power grid of tramways. The adopted test-bench for the WPT charger consists of adding circulating boost converter to the system under test to perform the opposition method technique. The experimental results prove the effectiveness of the proposed structure together with the validation of fully exploited simulation analysis. This is demonstrated by transferring 100 kW with more than 94% DC-to-DC efficiency over 50 mm air gap in aligned conditions. Furthermore, testing of Zero-Current and Zero-Voltage commutations are performed to test the performance of SiC technology employed.

Verification of security properties of the TLS 1.3 extensions

This paper presents the experience of verifying server implementations of the TLS cryptographic protocol version 1.3. TLS is a widely used cryptographic protocol designed to create secure data transmission channels and provides the necessary functionality for this: confidentiality of the transmitted data, data integrity, and authentication of the parties. The new version 1.3 of the TLS protocol was introduced in August 2018 and has a number of significant differences compared to the previous version 1.2. A number of TLS developers have already included support for the latest version in their implementations. These circumstances make it relevant to do research in the field of verification and security of the new TLS protocol implementations. We used a new test suite for verifying implementations of the TLS 1.3 for compliance with Internet specifications, developed on the basis of the RFC8446, using UniTESK technology and mutation testing methods. The current work is part of the TLS 1.3 protocol verification project and covers some of the additional functionality and optional protocol extensions. To test implementations for compliance with formal specifications, UniTESK technology is used, which provides testing automation tools based on the use of finite state machines. The states of the system under test define the states of the state machine, and the test effects are the transitions of this machine. When performing a transition, the specified impact is passed to the implementation under test, after which the implementation's reactions are recorded and a verdict is automatically made on the compliance of the observed behavior with the specification. Mutational testing methods are used to detect non-standard behavior of the system under test by transmitting incorrect data. Some changes are made to the protocol exchange flow created in accordance with the specification: either the values of the message fields formed on the basis of the developed protocol model are changed, or the order of messages in the exchange flow is changed. The protocol model allows one to make changes to the data flow at any stage of the network exchange, which allows the test scenario to pass through all the significant states of the protocol and in each such state to test the implementation in accordance with the specified program. So far, several implementations have been found to deviate from the specification. The presented approach has proven effective in several of our projects when testing network protocols, providing detection of various deviations from the specification and other errors.

Automatização de oráculos de teste para imagens médicas de modelos tridimensionais

Oráculos de teste determinam se uma execução de um SUT (do inglês, System Under Test) está correta ou não. Entretanto, dependendo da natureza dos dados produzidos pelo sistema, o SUT é conhecido como sistema de saı́da complexa, tornando a automatização dos oráculos um desafio. Sistemas na área de sáude, em particular, que analisam imagens tridimensionais, exemplificam um tipo de sistema de saı́da complexa. Um dos desafios associados a sistemas que analisam imagens tridimensionais é saber se a saı́da produzida está cor- reta ou não. O fato de se tratar de um sistema de saı́da complexa torna essa tarefa mais difı́cil, fazendo com que estratégias ad-hoc e manuais sejam aplica- das. Nesse trabalho de mestrado procurou-se contribuir por meio da definição de oráculos de teste baseados na extração de caracterı́sticas das saı́das do sis- tema. A abordagem proposta foi aplicada especificamente em sistemas cujas saı́das consistem em imagens sintéticas tridimensionais de vasos sanguı́neos. Para tanto, é explorado o framework O-FIm/CO (do inglês, Oracle for Images and Complex Outputs), que utiliza conceitos de CBIR (do inglês, Content-Based Image Retrieval) como uma forma de automatizar oráculos de teste. Além de adaptações e extensões do framework, desenvolveram-se plug-ins, que repre- sentam extratores de caracterı́sticas para imagens sintéticas tridimensionais de vasos sanguı́neos. Dois estudos experimentais foram conduzidos objetivando avaliar a eficácia e a precisão dos oráculos de teste baseados em caracterı́sticas na avaliação desse tipo de imagem. Além disso, realizou-se um estudo experi- mental comparando oráculos automatizados e oráculos humanos. Os resultados evidenciam a eficácia da abordagem como uma estratégia promissora para au- tomatizar atividades de teste, contribuindo para a redução de tempo e esforços gerados por abordagens manuais durante a avaliação da qualidade de sistemas geradores de imagens médicas tridimensionais.

Estimating the performance efficiency of ERP system with the relational database in a heterogenic environment

The article presents a study of the performance of a commercial ERP system, operating in the 2W model with a relational database installed on the IBM mainframe platform, as well as business logic and presentation server installed on the Windows Server platform. The study was carried out in accordance with the developed methodology by means of recording the time of performing system functions indicated in the own document “Time-use profile of the ERP system under test”. Consulting sessions were also held. Based on the results of the research, a recommendation was made to migrate production relational databases to the Windows Server environment. Keywords: IT, relational database, ERP, MRPII, three-layer architecture, application performance.

Generating Effective Test Suite for Multiparameter Software using ACTS Tool and its Verification using Code Coverage Tools

Combinatorial testing is a practical method to test software with multiple input parameters. National Institute of Standards and Technology has developed tools which aid combinatorial testing. ACTS is one such tool which is freely available to users. In spite of this, very few software being developed are being tested systematically. In this paper we explore the effectiveness and suitability of ACTS tool to test software which has a m ultiparameter input. We chose a Java based software, College Time Table, a software which involves multiparameter input, as system under test. We could achieve 90% coverage of instructions, line, method and 100% class coverage with practical time and effort with ACTS tool. The process involved in getting above mentioned results is documented in this paper. Empirical data generated with the code coverage confirms the effectiveness of ACTS generated test suite for a simple project.