Title :
A Secure Cryptographic Token Interface
Author :
Cachin, Christian ; Chandran, Nishanth
Author_Institution :
Res. Lab., IBM Res. Zurich, Ruschlikon, Switzerland
Abstract :
Cryptographic keys must be protected from exposure. In real-world applications, they are often guarded by cryptographic tokens that employ sophisticated hardware-security measures. Several logical attacks on the key management operations of cryptographic tokens have been reported in the past, which allowed to expose keys merely by exploiting the token API in unexpected ways. This paper proposes a novel, provably secure, cryptographic token interface that supports multiple users, implements symmetric cryptosystems and public-key schemes, and provides operations for key generation, encryption, authentication, and key wrapping. The token interface allows only the most important operations found in real-world token APIs; while flexible to be of practical use, it is restricted enough so that it does not expose any key to a user without sufficient privileges. The security policy can be applied to the industry-standard PKCS #11 interface.
Keywords :
application program interfaces; public key cryptography; API; cryptographic keys; hardware-security measures; industry-standard PKCS interface; key authentication; key encryption; key generation; key management operations; key wrapping; logical attacks; multiple users; public-key schemes; secure cryptographic token interface; security policy; symmetric cryptosystems; Application software; Authentication; Computer science; Computer security; Cryptography; Hardware; Laboratories; Network servers; Protection; Wrapping;
Conference_Titel :
Computer Security Foundations Symposium, 2009. CSF '09. 22nd IEEE
Conference_Location :
Port Jefferson, NY
Print_ISBN :
978-0-7695-3712-2
