Type-based Analysis of PIN Processing APIs
by Matteo Centenaro, Riccardo Focardi, Flaminia L. Luccio, Graham Steel
Abstract:
We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamper-resistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and non-randomized encryptions, and show our new API to be type-checkable.
Reference:
Type-based Analysis of PIN Processing APIs (Matteo Centenaro, Riccardo Focardi, Flaminia L. Luccio, Graham Steel), In Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS'09) (Michael Backes, Peng Ning, eds.), Springer, volume 5789, 2009.
Bibtex Entry:
@inproceedings{CFLS-esorics09,
  abstract =      {We examine some known attacks on the PIN verification
                   framework, based on weaknesses of the security API
                   for the tamper-resistant Hardware Security Modules
                   used in the network. We specify this API in an
                   imperative language with cryptographic primitives,
                   and show how its flaws are captured by a notion of
                   robustness that extends the one of Myers, Sabelfeld
                   and Zdancewic to our cryptographic setting.
                   We~propose an improved API, give an extended type
                   system for assuring integrity and for preserving
                   confidentiality via randomized and non-randomized
                   encryptions, and show our new API to be
                   type-checkable.},
  address =       {Saint~Malo, France},
  author =        {Centenaro, Matteo and Focardi, Riccardo and
                   Luccio, Flaminia L. and Steel, Graham},
  booktitle =     {{P}roceedings of the 14th {E}uropean {S}ymposium on
                   {R}esearch in {C}omputer {S}ecurity ({ESORICS}'09)},
  DOI =           {10.1007/978-3-642-04444-1_4},
  editor =        {Backes, Michael and Ning, Peng},
  month =         sep,
  pages =         {53-68},
  publisher =     {Springer},
  series =        {Lecture Notes in Computer Science},
  title =         {Type-based Analysis of {PIN} Processing {API}s},
  volume =        {5789},
  year =          {2009},
  acronym =       {{ESORICS}'09},
  nmonth =        {9},
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CFLS-esorics09.pdf},
  PDF =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CFLS-esorics09.pdf},
  lsv-category =  {intc},
  wwwpublic =     {public and ccsb},
}