A generic security API for symmetric key management on cryptographic devices

Authors:
Véronique Cortier;Graham Steel
Affiliations:
LORIA, CNRS & INRIA;Laboratoire Spécification et Vérification, CNRS & INRIA & ENS de Cachan
Venue:
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Year:
2009

Citing 8
Cited 3

An automatic search for security flaws in key management schemes

Computers and Security
Optimal privacy and authentication on a portable communications system

ACM SIGOPS Operating Systems Review
Looking for Diamonds in the Desert - Extending Automatic Protocol Generation to Three-Party Authentication and Key Agreement Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Securing vehicular ad hoc networks

Journal of Computer Security - Special Issue on Security of Ad-hoc and Sensor Networks
Formal Analysis of PKCS#11

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data

Foundations and Applications of Security Analysis
Automatic analysis of the security of XOR-based key management schemes

TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems

Attacking and fixing PKCS#11 security tokens

Proceedings of the 17th ACM conference on Computer and communications security
An introduction to security API analysis

Foundations of security analysis and design VI
Revoke and let live: a secure key revocation api for cryptographic devices

Proceedings of the 2012 ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security APIs are used to define the boundary between trusted and untrusted code. The security properties of existing APIs are not always clear. In this paper, we give a new generic API for managing symmetric keys on a trusted cryptographic device. We state and prove security properties for our API. In particular, our API offers a high level of security even when the host machine is controlled by an attacker. Our API is generic in the sense that it can implement a wide variety of (symmetric key) protocols. As a proof of concept, we give an algorithm for automatically instantiating the API commands for a given key management protocol. We demonstrate the algorithm on a set of key establishment protocols from the Clark-Jacob suite.