Attacking and fixing PKCS#11 security tokens
Proceedings of the 17th ACM conference on Computer and communications security
An introduction to security API analysis
Foundations of security analysis and design VI
Design and implementation of a key-lifecycle management system
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Revoke and let live: a secure key revocation api for cryptographic devices
Proceedings of the 2012 ACM conference on Computer and communications security
| Hi-index | 0.00 |
Cryptographic keys must be protected from exposure.In real-worldapplications, they are often guarded by cryptographic tokens thatemploy sophisticated hardware-security measures.Several logicalattacks on the key management operations of cryptographic tokenshave been reported in the past, which allowed to expose keys merelyby exploiting the token API in unexpected ways.This paper proposes a novel, provably secure, cryptographic tokeninterface that supports multiple users, implements symmetriccryptosystems and public-key schemes, and provides operations forkey generation, encryption, authentication, and key wrapping.Thetoken interface allows only the most important operations found inreal-world token APIs; while flexible to be of practical use, it isrestricted enough so that it does not expose any key to a userwithout sufficient privileges.The security policy can be appliedto the industry-standard PKCS #11 interface.