Analysis of the PKCS#11 API Using the Maude-NPA Tool

  • Antonio González-Burgueño
  • Sonia Santiago
  • Santiago Escobar
  • Catherine Meadows
  • José Meseguer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)


Cryptographic Application Programmer Interfaces (Crypto APIs) are designed to allow secure interoperation between applications and cryptographic devices such as smartcards and Hardware Security Modules (HSMs). However, several Crypto APIs have been shown to be subject to attacks in which sensitive information is disclosed to an attacker; among them is the RSA Laboratories Public Key Standards PKCS#11, an API widely adopted in industry. Recently there has been growing interest in applying automated crypto protocol analysis methods to formally analyze APIs. However, PKCS#11 has proven difficult to analyze with such methods because it involves non-monotonic mutable global state. In this paper we specify and analyze PKCS#11 in Maude-NPA, a general-purpose crypto protocol analysis tool.


Keywords: PKCS#11 · Cryptographic application programming interfaces (cryptographic APIs) · Symbolic cryptographic protocol analysis · Maude-NPA


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Antonio González-Burgueño (1)
  • Sonia Santiago (2)
  • Santiago Escobar (3)
  • Catherine Meadows (4)
  • José Meseguer (2)

  1. University of Oslo, Oslo, Norway
  2. University of Illinois at Urbana-Champaign, Champaign, USA
  3. DSIC-ELP, Universitat Politècnica de València, Valencia, Spain
  4. Naval Research Laboratory, Washington DC, USA