An automatic search for security flaws in key management schemes
Computers and Security
Secrecy by typing in security protocols
Journal of the ACM (JACM)
A sound type system for secure flow analysis
Journal of Computer Security
Formal Eavesdropping and Its Computational Interpretation
TACS '01 Proceedings of the 4th International Symposium on Theoretical Aspects of Computer Software
Enforcing robust declassification and qualified robustness
Journal of Computer Security - Special issue on CSFW17
Formal analysis of PIN block attacks
Theoretical Computer Science - Automated reasoning for security protocol analysis
A Cryptographic Decentralized Label Model
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Cryptographically sound implementations for typed information-flow security
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
On the computational soundness of cryptographically masked flows
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow security of multi-threaded distributed programs
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Cryptographically-masked flows
Theoretical Computer Science
Towards a Type System for Security APIs
Foundations and Applications of Security Analysis
Declassification: Dimensions and principles
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Computationally sound typing for non-interference: the case of deterministic encryption
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
The unbearable lightness of PIN cracking
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Soundness of formal encryption in the presence of key-cycles
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Blunting Differential Attacks on PIN Processing APIs
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Cracking bank PINs by playing mastermind
FUN'10 Proceedings of the 5th international conference on Fun with algorithms
Secure upgrade of hardware security modules in bank networks
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Match it or die: proving integrity by equality
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Information leakage analysis by abstract interpretation
SOFSEM'11 Proceedings of the 37th international conference on Current trends in theory and practice of computer science
A weakest precondition approach to robustness
Transactions on computational science X
An introduction to security API analysis
Foundations of security analysis and design VI
Type-Based analysis of PKCS#11 key management
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Secure recharge of disposable RFID tickets
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Type-based analysis of key management in PKCS#11 cryptographic devices
Journal of Computer Security - Security and Trust Principles
We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamper-resistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and nonrandomized encryptions, and show our new API to be type-checkable.