Model-Based Testing of Cryptographic Components -- Lessons Learned from Experience

We present an approach to use techniques of model based testing (MBT) applied on security cryptographic components. This application of MBT is done in the context of a qualification testing phase made by an entity independent from designers, developers and sponsors of the cryptographic components under test. This qualification phase targets both hardware and software cryptographic components and the testing activities cover functional and security testing objectives. In this context, we present the application of MBT for two cryptographic components (one hardware and one software) and show the complementary of test selection criteria based on one side on a structural coverage of the behavioral model used for test generation, and on the other side on a test purpose approach to meet some security test objectives. The test purpose language used in this project is novel and has been designed to complete behavioral model coverage criteria in the MBT process.