An automatic search for security flaws in key management schemes
Computers and Security
Guarded commands, nondeterminacy and formal derivation of programs
Communications of the ACM
Multiset Rewriting and Security Protocol Analysis
RTA '02 Proceedings of the 13th International Conference on Rewriting Techniques and Applications
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Applying Protocol Analysis to Security Device Interfaces
IEEE Security and Privacy
A Formal Theory of Key Conjuring
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Automatic analysis of the security of XOR-based key management schemes
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Hierarchical combination of intruder theories
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Attacking and fixing PKCS#11 security tokens
Proceedings of the 17th ACM conference on Computer and communications security
An introduction to security API analysis
Foundations of security analysis and design VI
Type-Based analysis of PKCS#11 key management
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Concepts and proofs for configuring PKCS#11
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Type-based analysis of key management in PKCS#11 cryptographic devices
Journal of Computer Security - Security and Trust Principles
Hi-index | 0.00 |
PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using the model checker NuSMV. We report some new attacks and prove the safety of some configurations of the API in our model. We also analyse proprietary extensions proposed by nCipher (Thales) and Eracom (Safenet), designed to address the shortcomings of PKCS#11.