• DocumentCode
    2010190
  • Title

    Formal Analysis of PKCS#11

  • Author

    Delaune, Stephanie ; Kremer, Steve ; Steel, Graham

  • fYear
    2008
  • fDate
    23-25 June 2008
  • Firstpage
    331
  • Lastpage
    344
  • Abstract
    PKCS#11 defines an API for cryptographic devices that has been widely adopted in industry. However, it has been shown to be vulnerable to a variety of attacks that could, for example, compromise the sensitive keys stored on the device. In this paper, we set out a formal model of the operation of the API, which differs from previous security API models notably in that it accounts for non-monotonic mutable global state. We give decidability results for our formalism, and describe an implementation of the resulting decision procedure using a model checker. We report some new attacks and prove the safety of some configurations of the API in our model.
  • Keywords
    Bonding; Computer industry; Computer security; Cryptographic protocols; Laboratories; Metals industry; Public key; Public key cryptography; Safety; Steel; Key management; PKCS11; Security API;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Foundations Symposium, 2008. CSF '08. IEEE 21st
  • Conference_Location
    Pittsburgh, PA, USA
  • ISSN
    1940-1434
  • Print_ISBN
    978-0-7695-3182-3
  • Type

    conf

  • DOI
    10.1109/CSF.2008.16
  • Filename
    4556696
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2010190