A generic security API for symmetric key management on cryptographic devices (bibtex)
by Véronique Cortier, Graham Steel
Abstract:
Security APIs are used to define the boundary between trusted and untrusted code. The security properties of existing APIs are not always clear. In this paper, we give a new generic API for managing symmetric keys on a trusted cryptographic device. We state and prove security properties for our API. In particular, our API offers a high level of security even when the host machine is controlled by an attacker. Our API is generic in the sense that it can implement a wide variety of (symmetric key) protocols. As a proof of concept, we give an algorithm for automatically instantiating the API commands for a given key management protocol. We demonstrate the algorithm on a set of key establishment protocols from the Clark-Jacob suite.
Reference:
A generic security API for symmetric key management on cryptographic devices (Véronique Cortier, Graham Steel), In Proceedings of the 14th European Symposium on Research in Computer Security (ESORICS'09) (Michael Backes, Peng Ning, eds.), Springer, volume 5789, 2009.
Bibtex Entry:
@inproceedings{CS-esorics09,
  abstract =      {Security APIs are used to define the boundary between
                   trusted and untrusted code. The security properties
                   of existing APIs are not always clear. In~this paper,
                   we~give a new generic API for managing symmetric keys
                   on a trusted cryptographic device. We state and prove
                   security properties for our API. In~particular, our
                   API offers a high level of security even when the
                   host machine is controlled by an attacker. Our API is
                   generic in the sense that it can implement a wide
                   variety of (symmetric~key) protocols. As a proof of
                   concept, we give an algorithm for automatically
                   instantiating the API commands for a given key
                   management protocol. We demonstrate the algorithm on
                   a set of key establishment protocols from the
                   Clark-Jacob suite.},
  address =       {Saint~Malo, France},
  author =        {Cortier, V{\'e}ronique and Steel, Graham},
  booktitle =     {{P}roceedings of the 14th {E}uropean {S}ymposium on
                   {R}esearch in {C}omputer {S}ecurity ({ESORICS}'09)},
  DOI =           {10.1007/978-3-642-04444-1_37},
  editor =        {Backes, Michael and Ning, Peng},
  month =         sep,
  pages =         {605-620},
  publisher =     {Springer},
  series =        {Lecture Notes in Computer Science},
  title =         {A~generic security {API} for symmetric key management
                   on cryptographic devices},
  volume =        {5789},
  year =          {2009},
  acronym =       {{ESORICS}'09},
  nmonth =        {9},
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CS-esorics09.pdf},
  PDF =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CS-esorics09.pdf},
  lsv-category =  {intc},
  wwwpublic =     {public and ccsb},
}
Powered by bibtexbrowser