An automatic search for security flaws in key management schemes
Computers and Security
An Open-Ended Finite Domain Constraint Solver
PLILP '97 Proceedings of the9th International Symposium on Programming Languages: Implementations, Logics, and Programs: Including a Special Trach on Declarative Programming Languages in Education
Probabilistic Analysis of Anonymity
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
PRISM 2.0: A Tool for Probabilistic Model Checking
QEST '04 Proceedings of the The Quantitative Evaluation of Systems, First International Conference
Automatic discovery of API-level exploits
Proceedings of the 27th international conference on Software engineering
Analysing protocols subject to guessing attacks
Journal of Computer Security - Special issue on WITS'02
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Plans, Actions and Dialogues Using Linear Logic
Journal of Logic, Language and Information
Blunting Differential Attacks on PIN Processing APIs
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Type-based analysis of PIN processing APIs
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Cracking bank PINs by playing mastermind
FUN'10 Proceedings of the 5th international conference on Fun with algorithms
Secure upgrade of hardware security modules in bank networks
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Non-uniform distributions in quantitative information-flow
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
An introduction to security API analysis
Foundations of security analysis and design VI
Secure recharge of disposable RFID tickets
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Hi-index | 0.00 |
Personal identification number (PIN) blocks are 64-bit strings that encode a PIN ready for encryption and secure transmission in banking networks. These networks employ tamper-proof hardware security modules (HSMs) to perform sensitive cryptographic operations, such as checking the correctness of a PIN typed by a customer. The use of these HSMs is controlled by an API designed to enforce security. PIN block attacks are unanticipated sequences of API commands which allow an attacker to determine the value of a PIN in an encrypted PIN block. This paper describes a framework for formal analysis of such attacks. Our analysis is probabilistic, and is automated using constraint logic programming and probabilistic model checking.