print · source · login   

Learning bankcard with a manual constructed mapper

The Mapper setup

To infer the state machines of implementations of the TLS protocol we used LearnLib, which uses a modified version of Angluinís L* algorithm. An implementation that is analysed is referred to as the System Under Test (SUT) and is considered to be a black box. LearnLib has to be provided with a list of messages it can send to the SUT (also known as the input alphabet), and a command to reset the SUT to its initial state. A test harness is needed to translate abstract messages from the input alphabet to concrete messages that can be sent to the SUT.

To use LearnLib, we need to fix an input alphabet of messages that can be sent to the SUT. This alphabet is an abstraction of the actual messages sent. In our analyses we use different input alphabets depending on whether we test a client or server, and whether we perform a more limited or more extensive analysis. To test servers we support the following messages: ClientHello (RSA and DHE), Certificate (RSA and empty), ClientKeyExchange, ClientCertificateVerify, ChangeCipherSpec, Finished, ApplicationData (regular and empty), HeartbeatRequest and HeartbeatResponse. To test clients we support the following messages: ServerHello (RSA and DHE), Certificate (RSA and empty), CertificateRequest, ServerKeyExchange, ServerHelloDone, ChangeCipherSpec, Finished, ApplicationData (regular and empty), HeartbeatRequest and HeartbeatResponse.

Learned models of TLS protocols

Below models were learned from real TLS implementations with the learning setup described below.

Benchmark NameModelInputs/OutputsStatesTransitionsPublications
GnuTLS 3.3.12 client (full)dot-file12 / 79108[RP15]
GnuTLS 3.3.12 client (regular)dot-file8 / 10756[RP15]
GnuTLS 3.3.12 server (full)dot-file12 / 129108[RP15]
GnuTLS 3.3.12 server (regular)dot-file8 / 10756[RP15]
GnuTLS 3.3.8 client (full)dot-file12 / 815180[RP15]
GnuTLS 3.3.8 client (regular)dot-file8 / 61188[RP15]
GnuTLS 3.3.8 server (full)dot-file11 / 1216176[RP15]
GnuTLS 3.3.8 server (regular)dot-file8 / 101296[RP15]
miTLS 0.1.3 server (regular)dot-file8 / 8648[RP15]
NSS 3.17.4 client (full)dot-file12 / 911132[RP15]
NSS 3.17.4 client (regular)dot-file8 / 7756[RP15]
NSS 3.17.4 server (regular)dot-file8 / 9864[RP15]
OpenSSL 1.0.1g client (regular)dot-file7 / 71070[RP15]
OpenSSL 1.0.1g server (regular)dot-file7 / 1116112[RP15]
OpenSSL 1.0.1j client (regular)dot-file7 / 5642[RP15]
OpenSSL 1.0.1j server (regular)dot-file7 / 91177[RP15]
OpenSSL 1.0.1l client (regular)dot-file7 / 5642[RP15]
OpenSSL 1.0.1l server (regular)dot-file7 / 81070[RP15]
OpenSSL 1.0.2 client (full)dot-file10 / 6990[RP15]
OpenSSL 1.0.2 client (regular)dot-file7 / 5642[RP15]
OpenSSL 1.0.2 server (regular)dot-file7 / 7749[RP15]
RSA BSAFE C 4.0.4 server (regular)dot-file8 / 11972[RP15]
RSA BSAFE Java 6.1.1 server (regular)dot-file8 / 7648[RP15]

Pictures of Learned Models

Some of the learned models listed in the table Models of TLS protocols above are shown below :

GnuTLS

Learned model of GnuTLS 2.12.14

PolarSSL

Learned model of PolarSSL 1.2.7

OpenSSL

Learned model of OpenSSL 1.0.1c