Abstract
The PKCS#11 standard describes an API for cryptographic operations that is used where cryptographic keys must remain secret even if the host server is compromised. It is widely deployed and supported by many hardware security modules and smart cards. A variety of attacks in the literature illustrates the importance of a careful configuration, as API-level attacks may otherwise extract keys.
Formal verification of PKCS#11 configurations requires analysing a system with mutable state, a problem that existing methods solved by artificially restricting the number of keys, introducing model-specific over-approximations, or performing proofs by hand. At Security & Privacy 2014, Kremer and Künnemann presented a variant of the applied pi calculus that handles global state and, in conjunction with the Tamarin prover for protocol verification, allows for the precise analysis of protocols with state. Using this tool chain, we show secrecy of keys for a PKCS#11 configuration that makes use of features introduced in version 2.20 of the standard, including wrap and unwrap templates, in an extensible model.
This configuration supports the creation of so-called wrapping keys for import and export of sensitive keys (e.g., for backup or transfer), and it permits the co-existence of sensitive keys and non-sensitive keys on the same device.
© 2015 Springer-Verlag Berlin Heidelberg
Künnemann, R. (2015). Automated Backward Analysis of PKCS#11 v2.20. In: Focardi, R., Myers, A. (eds) Principles of Security and Trust. POST 2015. Lecture Notes in Computer Science(), vol 9036. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46666-7_12
DOI: https://doi.org/10.1007/978-3-662-46666-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46665-0
Online ISBN: 978-3-662-46666-7