A key-management scheme for distributed sensor networks
Proceedings of the 9th ACM conference on Computer and communications security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Attacking Group Protocols by Refuting Incorrect Inductive Conjectures
Journal of Automated Reasoning
Just fast keying in the pi calculus
ACM Transactions on Information and System Security (TISSEC)
Automated Formal Analysis of a Protocol for Secure File Sharing on Untrusted Storage
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A Secure Cryptographic Token Interface
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data
Foundations and Applications of Security Analysis
A generic security API for symmetric key management on cryptographic devices
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Hi-index | 0.00 |
While extensive research addresses the problem of establishing session keys through cryptographic protocols, relatively little work has appeared addressing the problem of revocation and update of long term keys. We present an API for symmetric key management on embedded devices that supports key establishment and revocation, and prove security properties of our design in the symbolic model of cryptography. Our API supports two modes of revocation: a passive mode where keys have an expiration time, and an active mode where revocation messages are sent to devices. For the first we show that once enough time has elapsed after the compromise of a key, the system returns to a secure state, i.e. the API is robust against attempts by the attacker to use a compromised key to compromise other keys or to keep the compromised key alive past its validity time. For the second we show that once revocation messages have been received the system immediately returns to a secure state. Notable features of our designs are that all secret values on the device are revocable, and the device returns to a functionally equivalent state after revocation is complete.