Formal Analysis of PKCS\11 and Proprietary Extensions (bibtex)
by Stéphanie Delaune, Steve Kremer, Graham Steel
Abstract:
PKCS\11 denes an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which diers from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using the model checker NuSMV. We report some new attacks and prove the safety of some congurations of the API in our model. We also analyse proprietary extensions proposed by nCipher (Thales) and Eracom (Safenet), designed to address the shortcomings of PKCS\11.
Reference:
Formal Analysis of PKCS\11 and Proprietary Extensions (Stéphanie Delaune, Steve Kremer, Graham Steel), In Journal of Computer Security, IOS Press, volume 18, 2010.
Bibtex Entry:
@article{DKS-jcs09,
  abstract =      {PKCS\#11 denes an API for cryptographic devices that
                   has been widely adopted in industry. However, it has
                   been shown to be vulnerable to a variety of attacks
                   that could, for example, compromise the sensitive
                   keys stored on the device. In this paper, we set out
                   a formal model of the operation of the API, which
                   diers from previous security API models notably in
                   that it accounts for non-monotonic mutable global
                   state. We give decidability results for our
                   formalism, and describe an implementation of the
                   resulting decision procedure using the model checker
                   NuSMV. We report some new attacks and prove the
                   safety of some congurations of the API in our model.
                   We also analyse proprietary extensions proposed by
                   nCipher (Thales) and Eracom (Safenet), designed to
                   address the shortcomings of PKCS\#11.},
  author =        {Delaune, St{\'e}phanie and Kremer, Steve and
                   Steel, Graham},
  DOI =           {10.3233/JCS-2009-0394},
  journal =       {Journal of Computer Security},
  month =         nov,
  number =        {6},
  pages =         {1211-1245},
  publisher =     {{IOS} Press},
  title =         {Formal Analysis of {PKCS\#11} and Proprietary
                   Extensions},
  volume =        {18},
  year =          {2010},
  nmonth =        {11},
  url =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DKS-jcs09.pdf},
  PDF =           {http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/DKS-jcs09.pdf},
  lsv-category =  {jour},
  wwwpublic =     {public and ccsb},
}
Powered by bibtexbrowser