We extend Delaune, Kremer and Steel's framework for analysis of PKCS#11-based APIs from bounded to unbounded fresh data. We achieve this by: formally defining the notion of an attribute policy; showing that a well-designed API should have a certain class of policy we call complete; showing that APIs with complete policies may be safely abstracted to APIs where the attributes are fixed; and proving that these static APIs can be analysed in a small bounded model such that security properties will hold for the unbounded case. We automate analysis in our framework using the SAT-based security protocol model checker SATMC. We show that a symmetric key management subset of the Eracom PKCS#11 API, used in their ProtectServer product, preserves the secrecy of sensitive keys for unbounded numbers of fresh keys and handles, i.e. pointers to keys. We also show that this API is not robust: if an encryption key is lost to the intruder, SATMC finds an attack whereby all the keys may be compromised.