{"id":"https://openalex.org/W4415744230","doi":"https://doi.org/10.1109/qrs-c65679.2025.00074","title":"CPFuzz: A Model-based Black-box Fuzzer for Cryptographic Protocols","display_name":"CPFuzz: A Model-based Black-box Fuzzer for Cryptographic Protocols","publication_year":2025,"publication_date":"2025-07-16","ids":{"openalex":"https://openalex.org/W4415744230","doi":"https://doi.org/10.1109/qrs-c65679.2025.00074"},"language":null,"primary_location":{"id":"doi:10.1109/qrs-c65679.2025.00074","is_oa":false,"landing_page_url":"https://doi.org/10.1109/qrs-c65679.2025.00074","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 25th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5115602609","display_name":"Yingjie Li","orcid":"https://orcid.org/0000-0002-5635-0590"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yingjie Li","raw_affiliation_strings":["Beijing Jinghang Computation and Communication Research Institute,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Beijing Jinghang Computation and Communication Research Institute,Beijing,China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101437814","display_name":"Wei Liu","orcid":"https://orcid.org/0000-0002-1830-7305"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wei Liu","raw_affiliation_strings":["Beijing Jinghang Computation and Communication Research Institute,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Beijing Jinghang Computation and Communication Research Institute,Beijing,China","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Junying Chen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Junying Chen","raw_affiliation_strings":["Beijing Jinghang Computation and Communication Research Institute,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Beijing Jinghang Computation and Communication Research Institute,Beijing,China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091472574","display_name":"Jun Wu","orcid":"https://orcid.org/0000-0003-4098-3833"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Junshuang Wu","raw_affiliation_strings":["Beijing Jinghang Computation and Communication Research Institute,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Beijing Jinghang Computation and Communication Research Institute,Beijing,China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5050900731","display_name":"Bo Liu","orcid":"https://orcid.org/0000-0002-9953-8438"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bo Liu","raw_affiliation_strings":["Beijing Jinghang Computation and Communication Research Institute,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Beijing Jinghang Computation and Communication Research Institute,Beijing,China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5115602609"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.31898477,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"556","last_page":"565"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.5475000143051147,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.5475000143051147,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.3028999865055084,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.047200001776218414,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.9070000052452087},{"id":"https://openalex.org/keywords/cryptographic-protocol","display_name":"Cryptographic protocol","score":0.7322999835014343},{"id":"https://openalex.org/keywords/cryptographic-primitive","display_name":"Cryptographic primitive","score":0.6682999730110168},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.6445000171661377},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5733000040054321},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4767000079154968},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.40630000829696655},{"id":"https://openalex.org/keywords/plaintext","display_name":"Plaintext","score":0.3734999895095825}],"concepts":[{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.9070000052452087},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7601000070571899},{"id":"https://openalex.org/C33884865","wikidata":"https://www.wikidata.org/wiki/Q1254335","display_name":"Cryptographic protocol","level":3,"score":0.7322999835014343},{"id":"https://openalex.org/C15927051","wikidata":"https://www.wikidata.org/wiki/Q246593","display_name":"Cryptographic primitive","level":4,"score":0.6682999730110168},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.6445000171661377},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5733000040054321},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4767000079154968},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.40630000829696655},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4056999981403351},{"id":"https://openalex.org/C92717368","wikidata":"https://www.wikidata.org/wiki/Q1162538","display_name":"Plaintext","level":3,"score":0.3734999895095825},{"id":"https://openalex.org/C17886624","wikidata":"https://www.wikidata.org/wiki/Q1320561","display_name":"Key management","level":3,"score":0.323199987411499},{"id":"https://openalex.org/C12269588","wikidata":"https://www.wikidata.org/wiki/Q132364","display_name":"Communications protocol","level":2,"score":0.3206999897956848},{"id":"https://openalex.org/C100485629","wikidata":"https://www.wikidata.org/wiki/Q1669397","display_name":"Hash-based message authentication code","level":4,"score":0.320499986410141},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.3181999921798706},{"id":"https://openalex.org/C76844732","wikidata":"https://www.wikidata.org/wiki/Q4072285","display_name":"Conformance testing","level":3,"score":0.2939999997615814},{"id":"https://openalex.org/C2776436953","wikidata":"https://www.wikidata.org/wiki/Q5163215","display_name":"Consistency (knowledge bases)","level":2,"score":0.2793999910354614},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C2775928411","wikidata":"https://www.wikidata.org/wiki/Q2041312","display_name":"Fault injection","level":3,"score":0.27230000495910645},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2660999894142151},{"id":"https://openalex.org/C203062551","wikidata":"https://www.wikidata.org/wiki/Q201339","display_name":"Public-key cryptography","level":3,"score":0.2556000053882599},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.25519999861717224},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.25189998745918274}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/qrs-c65679.2025.00074","is_oa":false,"landing_page_url":"https://doi.org/10.1109/qrs-c65679.2025.00074","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 25th International Conference on Software Quality, Reliability, and Security Companion (QRS-C)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W941301462","https://openalex.org/W1969031931","https://openalex.org/W1989445634","https://openalex.org/W2002934700","https://openalex.org/W2009901043","https://openalex.org/W2179304688","https://openalex.org/W2294404229","https://openalex.org/W2295974667","https://openalex.org/W2515553645","https://openalex.org/W2546094875","https://openalex.org/W2765827436","https://openalex.org/W2906397449","https://openalex.org/W2914954538","https://openalex.org/W2964160436","https://openalex.org/W3006477812","https://openalex.org/W3047947484","https://openalex.org/W3091889505","https://openalex.org/W3140949594","https://openalex.org/W4210531213","https://openalex.org/W4221162498","https://openalex.org/W4226265578","https://openalex.org/W4287882706","https://openalex.org/W4362466275","https://openalex.org/W4382941062","https://openalex.org/W4402696986"],"related_works":[],"abstract_inverted_index":{"Secure":[0],"communication":[1,138],"is":[2],"a":[3,27,46,103,113,119,144],"foundational":[4],"requirement":[5],"for":[6,108,218],"dependable":[7],"artificial":[8,57],"intelligence":[9,58],"systems,":[10],"especially":[11],"as":[12,77,92],"they":[13],"increasingly":[14],"rely":[15],"on":[16,173],"networked":[17],"interactions,":[18],"cloud-based":[19],"services,":[20],"and":[21,34,42,84,94,117,126,136,165,180,202,216],"distributed":[22],"components.":[23],"Cryptographic":[24],"protocols":[25,72],"play":[26],"key":[28,190],"role":[29],"in":[30,221],"ensuring":[31],"the":[32,54,85,134,141,158,210],"confidentiality":[33],"integrity":[35],"of":[36,49,56,153,212,224],"these":[37,98],"communications.":[38],"However,":[39],"their":[40],"complexity":[41],"sensitivity":[43],"make":[44],"them":[45],"common":[47],"source":[48],"hidden":[50],"vulnerabilities":[51],"that":[52,185],"threaten":[53],"reliability":[55],"systems.":[59],"Existing":[60],"fuzz":[61,222],"testing":[62,131,223],"tools":[63],"often":[64],"exhibit":[65],"poor":[66],"performance":[67],"when":[68],"applied":[69],"to":[70,74,87,123,148],"cryptographic":[71,89,109,154,219,225],"due":[73],"issues":[75],"such":[76,91],"protocol":[78,155,163,200],"syntax":[79],"constraints,":[80],"inefficient":[81],"mutation":[82,115],"strategies,":[83],"inability":[86],"handle":[88],"operations":[90,220],"encryption":[93,125],"decryption.":[95],"To":[96],"address":[97],"challenges,":[99],"we":[100],"propose":[101],"CPFuzz,":[102],"black-box":[104],"fuzzer":[105,142],"designed":[106],"specifically":[107],"protocols.":[110,226],"CPFuzz":[111,172,186],"employs":[112],"field-aware":[114],"strategy":[116],"integrates":[118],"context":[120],"recording":[121],"component":[122],"facilitate":[124],"decryption":[127],"processes,":[128],"enabling":[129],"comprehensive":[130],"across":[132,189],"both":[133],"plaintext":[135],"encrypted":[137],"phases.":[139],"Additionally,":[140],"incorporates":[143],"model":[145,214],"learning":[146,215],"approach":[147],"construct":[149],"state":[150],"machine":[151],"models":[152],"implementations,":[156,176],"guiding":[157],"fuzzing":[159,191],"process":[160],"towards":[161],"unexplored":[162],"states":[164],"enhancing":[166],"test":[167],"case":[168],"efficiency.":[169],"We":[170],"evaluated":[171],"multiple":[174],"TLS":[175],"including":[177],"OpenSSL,":[178],"GnuTLS,":[179],"miTLS.":[181],"Experimental":[182],"results":[183],"show":[184],"outperforms":[187],"AFLNet":[188],"metrics.":[192],"It":[193],"achieves":[194],"higher":[195],"code":[196],"coverage,":[197],"discovers":[198],"more":[199,204],"states,":[201],"triggers":[203],"unique":[205],"crashes.":[206],"This":[207],"paper":[208],"demonstrates":[209],"importance":[211],"combining":[213],"support":[217]},"counts_by_year":[],"updated_date":"2026-04-17T18:11:37.981687","created_date":"2025-10-31T00:00:00"}