Title :
Formal Analysis of PKCS#11
Author :
Delaune, Stephanie ; Kremer, Steve ; Steel, Graham
Abstract :
PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using a model checker. We report some new attacks and prove the safety of some configurations of the API in our model.
Keywords :
Bonding; Computer industry; Computer security; Cryptographic protocols; Laboratories; Metals industry; Public key; Public key cryptography; Safety; Steel; Key management; PKCS11; Security API;
Conference_Titel :
Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
Conference_Location :
Pittsburgh, PA, USA
Print_ISBN :
978-0-7695-3182-3
DOI :
10.1109/CSF.2008.16
