Public Key Cryptography Standards (PKCS) #11 has gained wide acceptance within the cryptographic security device community and has become the interface of choice for many applications. The high esteem in which PKCS #11 is held is evidenced by the fact that it has been selected by a large number of companies as the API for their own devices. In this paper we analyse the security of the PKCS #11 standard as an interface (e.g. an application-programming interface (API)) for a security device. We show that PKCS #11 is vulnerable to a number of known and new API attacks and exhibits a number of design weaknesses that raise questions as to its suitability for this role. Finally we present some design solutions.


American National Standard Institute Token Object Session Object Cryptographic Device Fault Analysis Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    ACI Worldwide, HP Atalla, Diebold, Thales e-Security, and VeriFone Inc. Global interoperable secure key exchange key block specification (2002)Google Scholar
  2. 2.
    ACI Worldwide, HP Atalla, Diebold, Thales e-Security, and VeriFone Inc. Newlyformed payment consortium moves ahead with endorsement of secure 3DES implementation specification: Industry leaders align on new proposed key management standard (2002) Google Scholar
  3. 3.
    American National Standards Institute (ANSI) Accredited Standards Committee (ASC) X9 - Financial Services (X9-F). Notice regarding TDES key wrapping techniques (2002)Google Scholar
  4. 4.
    Bao, F., Deng, R.H., Han, Y., Jeng, A.B., Narasimhalu, A.D., Ngair, T.-H.: Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 220–234. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Bond, M., Anderson, R.J.: API-level attacks on embedded systems. Computer 34(10), 67–75 (2001)zbMATHCrossRefGoogle Scholar
  8. 8.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Clayton, R., Bond, M.: Experience using a low-cost FPGA design to crack DES keys. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 579–592. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Clulow, J.: The design and security of public key crypto APIs (2001)Google Scholar
  11. 11.
    Clulow, J.: The design and analysis of cryptographic application programming interfaces for devices. Master’s thesis, University of Natal, Durban (2003)Google Scholar
  12. 12.
    Electronic Frontier Foundation: Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design. O’Reilly, Sebastopol (1998)Google Scholar
  13. 13.
    Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. Journal of Cryptology 12(4), 241–246 (1999)zbMATHCrossRefGoogle Scholar
  14. 14.
    Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  15. 15.
    Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)Google Scholar
  16. 16.
    Klíma, V., Rosa, T.: Attack on private signature keys of the OpenPGP format, PGPTM programs and other applications compatible with OpenPGP. In: Cryptology ePrint Archive (2002)Google Scholar
  17. 17.
    Klíma, V., Rosa, T.: Further results and considerations on side channel attacks on rsa. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 244–259. Springer, Heidelberg (2003)Google Scholar
  18. 18.
    RSA Security Inc. PKCS #11: Cryptographic Token Interface Standard. An RSA Laboratories Technical Note, Version 2.01, December 22 (1997)Google Scholar
  19. 19.
    Hoornaert, F., Desmedt, Y., Quisquater, J.J.: Several exhaustive key search machines and DES. In: EUROCRYPT 1986, pp. 17–19 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jolyon Clulow
    • 1
  1. 1.Department of Mathematical, and Statistical SciencesUniversity of NatalDurbanSouth Africa

Personalised recommendations