Formal security analysis of PKCS#11 and proprietary extensions

Authors

  • Stéphanie Delaune
  • Steve Kremer
  • Graham Steel
Abstract

PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using the model checker NuSMV. We report some new attacks and prove the safety of some configurations of the API in our model. We also analyse proprietary extensions proposed by nCipher (Thales) and Eracom (Safenet), designed to address the shortcomings of PKCS#11.


Similar resources

Reasoning with Past to Prove PKCS#11 Keys Secure

PKCS#11 is a widely adopted standard that defines a security API for accessing devices such as smartcards and hardware security modules. Motivated by experiments on several devices we develop an approach that allows us to formally establish security properties of keys stored on such devices. We use first-order linear time logic extended by past operators. The expressiveness of a first-order lan...


APDU-Level Attacks in PKCS#11 Devices

In this paper we describe attacks on PKCS#11 devices that we successfully mounted by interacting with the low-level APDU protocol, used to communicate with the device. They exploit proprietary implementation weaknesses which allow attackers to bypass the security enforced at the PKCS#11 level. Some of the attacks leak, as cleartext, sensitive cryptographic keys in devices that were previously c...


Stéphanie Delaune, Steve Kremer and Graham Steel Formal Analysis of

PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monoton...


A Provably Secure PKCS#11 Configuration Without Authenticated Attributes

Cryptographic APIs like PKCS#11 are interfaces to trusted hardware where keys are stored; the secret keys should never leave the trusted hardware in plaintext. In PKCS#11 it is possible to give keys conflicting roles, leading to a number of key-recovery attacks. To prevent these attacks, one can authenticate the attributes of keys when wrapping, but this is not standard in PKCS#11. Alternativel...


Biometrics to Enhance Smartcard Security

A novel protocol is proposed to address the problem of user authentication to smartcards using devices that are currently inexpensive. The protocol emulates expensive Match On Card (MOC) smartcards, which can compute a biometric match, by cheap Template on Card (TOC) smartcards, which only store a biometric template. The actual match is delegated to an extension of the cryptographic module runn...



Journal title:
  • Journal of Computer Security

Volume 18, Issue

Pages -

Publication date 2010