The Correctness of Crypto Transaction Sets

Anderson, Ross

doi:10.1007/3-540-44810-1_17

Cited by 11 publications

(13 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Intention represents the true and idealised aims of a designer when producing an API, which may be updated retrospectively. We define intention in the same way as it is used in Anderson's definition of an API attack [1], as "a malicious sequence of commands which result in an output the designer could not possibly have intended". A security policy document may be explicit or implicit, it may be wrong, it may have gaps.…”

Section: Securing Inputs To Security Apismentioning

confidence: 99%

See 1 more Smart Citation

Integrity of intention (a theory of types for security APIs)

Bond

Clulow

2006

Information Security Technical Report

View full text Add to dashboard Cite

Abstract. The task of a security API is to allow users to process data and key material according to the designer's intentions, and to prevent any malicious sequence of commands from violating these intentions. Security APIs do this by attaching metadata to keys and data -type information -to record acceptable usage policy, which is checked by individual API commands in order to approve or deny a particular manipulation. But what actually is type information? This paper proposes a conceptual framework for understanding cryptographic type, and how it maintains the integrity of the designers intentions in an API. We describe four core conceptual components of type: form, use, role and domain. We compare our model to real-life security APIs, and argue that designing new systems within the bounds of the model improves safety, eliminating many common security issues.

show abstract

Section: Securing Inputs To Security Apismentioning

confidence: 99%

“…With respect to key role, the API treats real world-people as resources, and decides whether or not a key (through assuming a particular role) should be granted access to a user. This reversal of perspective is of much more practical than focusing on roles of people, as the divisions there tend to be more straightforward 1 .…”

Section: Rolementioning

confidence: 99%

Integrity of intention (a theory of types for security APIs)

Bond

Clulow

2006

Information Security Technical Report

View full text Add to dashboard Cite

show abstract

“…The attacks on PKCS#11 we consider in this paper are at the API level [2,4,5,6,10,11,13,21], i.e., the attacker is assumed to control the host on which the token is connected and to perform any sequence of (legal) API calls. The crucial functionalities of PKCS#11 are the ones for exporting and importing sensitive keys (CKA SENSITIVE), called C WrapKey and C UnwrapKey.…”

Section: Introductionmentioning

confidence: 99%

“…We have shown, however, that this is not always the case for commercial devices [6] (see, in particular, attack a4). 2 Our starting point is to allow variations in how the standard is implemented, in particular for what concerns assigning attributes to keys, and devise techniques to prove that these implementations achieve the desired security goals. Our approach is 'language-based' which makes it appealing for application to the firmware of real devices, as we discuss in Section 5.…”

Section: Introductionmentioning

confidence: 99%

Type-based analysis of key management in PKCS#11 cryptographic devices

Centenaro

Focardi

Luccio

2013

JCS

View full text Add to dashboard Cite

PKCS#11, is a security API for cryptographic tokens. It is known to be vulnerable to attacks which can directly extract, as cleartext, the value of sensitive keys. In particular, the API does not impose any limitation on the different roles a key can assume, and it permits to perform conflicting operations such as asking the token to wrap a key with another one and then to decrypt it. Fixes proposed in the literature, or implemented in real devices, impose policies restricting key roles and token functionalities. In this paper we define a simple imperative programming language, suitable to code PKCS#11 symmetric key management, and we develop a type-based analysis to prove that the secrecy of sensitive keys is preserved under a certain policy. We formally analyse existing fixes for PKCS#11 and we propose a new one, which is type-checkable and prevents conflicting roles by deriving different keys for different roles. We develop a prototype type-checker for a software token emulator written in C and we experiment on various working configurations.

show abstract

“…The attacks on PKCS#11 we consider in this paper are at the API level [1,2,3,4,7,8,10,16], i.e., the attacker is assumed to control the host on which the token is connected and to perform any sequence of (legal) API calls. The crucial functionalities of PKCS#11 are the ones for exporting and importing sensitive keys, called C WrapKey and C UnwrapKey.…”

Section: Introductionmentioning

confidence: 99%

Type-Based Analysis of PKCS#11 Key Management

Centenaro

Focardi

Luccio

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. PKCS#11, is a security API for cryptographic tokens. It is known to be vulnerable to attacks which can directly extract, as cleartext, the value of sensitive keys. In particular, the API does not impose any limitation on the different roles a key can assume, and it permits to perform conflicting operations such as asking the token to wrap a key with another one and then to decrypt it. Fixes proposed in the literature, or implemented in real devices, impose policies restricting key roles and token functionalities. In this paper we define a simple imperative programming language, suitable to code PKCS#11 symmetric key management, and we develop a type-based analysis to prove that the secrecy of sensitive keys is preserved under a certain policy. We formally analyse existing fixes for PKCS#11 and we propose a new one, which is type-checkable and prevents conflicting roles by deriving different keys for different roles.

show abstract

The Correctness of Crypto Transaction Sets

Cited by 11 publications

References 16 publications

Integrity of intention (a theory of types for security APIs)

Integrity of intention (a theory of types for security APIs)

Type-based analysis of key management in PKCS#11 cryptographic devices

Type-Based Analysis of PKCS#11 Key Management

Contact Info

Product

Resources

About