A Formal Theory of Key Conjuring (bibtex)
by Véronique Cortier, Stéphanie Delaune, Graham Steel
Abstract:
We describe a formalism for \emphkey conjuring, the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. This technique has been used to attack the security APIs of several Hardware Security Modules (HSMs), which are widely deployed in the ATM (cash machine) network. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).
Reference:
A Formal Theory of Key Conjuring (Véronique Cortier, Stéphanie Delaune, Graham Steel), In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF'07), IEEE Computer Society Press, 2007.
Bibtex Entry:
@inproceedings{CDS-csf07,
  abstract =      {We describe a formalism for \emph{key conjuring}, the
                   process by which an attacker obtains an unknown,
                   encrypted key by repeatedly calling a cryptographic
                   API function with random values in place of keys.
                   This technique has been used to attack the security
                   APIs of several Hardware Security Modules~(HSMs),
                   which are widely deployed in the ATM (cash machine)
                   network. We~propose a formalism for detecting
                   computationally feasible key conjuring operations,
                   incorporated into a Dolev-Yao style model of the
                   security~API. We~show that security in the presence
                   of key conjuring operations is decidable for a
                   particular class of~APIs, which includes the key
                   management~API of IBM's Common Cryptographic
                   Architecture~(CCA).},
  address =       {Venice, Italy},
  author =        {Cortier, V{\'e}ronique and Delaune, St{\'e}phanie and
                   Steel, Graham},
  booktitle =     {{P}roceedings of the 20th {IEEE} {C}omputer
                   {S}ecurity {F}oundations {S}ymposium ({CSF}'07)},
  DOI =           {10.1109/CSF.2007.5},
  month =         jul,
  pages =         {79-93},
  publisher =     {{IEEE} Computer Society Press},
  title =         {A Formal Theory of Key Conjuring},
  year =          {2007},
  acronym =       {{CSF}'07},
  nmonth =        {7},
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CDS-csf07.pdf},
  PDF =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CDS-csf07.pdf},
  PS =            {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PS/CDS-csf07.ps},
  LONGPDF =       {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/RR-inria6134.pdf},
  lsv-category =  {intc},
  wwwpublic =     {public and ccsb},
}
Powered by bibtexbrowser