Public Key Cryptography Standards (PKCS) #11 has gained wide acceptance within the cryptographic security device community and has become the interface of choice for many applications. The high esteem in which PKCS #11 is held is evidenced by the fact that it has been selected by a large number of companies as the API for their own devices. In this paper we analyse the security of the PKCS #11 standard as an interface (e.g. an application-programming interface (API)) for a security device. We show that PKCS #11 is vulnerable to a number of known and new API attacks and exhibits a number of design weaknesses that raise questions as to its suitability for this role. Finally we present some design solutions.


  1. 1.
    ACI Worldwide, HP Atalla, Diebold, Thales e-Security, and VeriFone Inc. Global interoperable secure key exchange key block specification (2002)Google Scholar
  2. 2.
    ACI Worldwide, HP Atalla, Diebold, Thales e-Security, and VeriFone Inc. Newlyformed payment consortium moves ahead with endorsement of secure 3DES implementation specification: Industry leaders align on new proposed key management standard (2002) Google Scholar
  3. 3.
    American National Standards Institute (ANSI) Accredited Standards Committee (ASC) X9 - Financial Services (X9-F). Notice regarding TDES key wrapping techniques (2002)Google Scholar
  4. 4.
    Bao, F., Deng, R.H., Han, Y., Jeng, A.B., Narasimhalu, A.D., Ngair, T.-H.: Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. 5.
    Biham, E.: New types of cryptanalytic attacks using related keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 220–234. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Bond, M., Anderson, R.J.: API-level attacks on embedded systems. Computer 34(10), 67–75 (2001)MATHCrossRefGoogle Scholar
  8. 8.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Clayton, R., Bond, M.: Experience using a low-cost FPGA design to crack DES keys. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 579–592. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Clulow, J.: The design and security of public key crypto APIs (2001)Google Scholar
  11. 11.
    Clulow, J.: The design and analysis of cryptographic application programming interfaces for devices. Master’s thesis, University of Natal, Durban (2003)Google Scholar
  12. 12.
    Electronic Frontier Foundation: Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design. O’Reilly, Sebastopol (1998)Google Scholar
  13. 13.
    Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. Journal of Cryptology 12(4), 241–246 (1999)MATHCrossRefGoogle Scholar
  14. 14.
    Kelsey, J., Schneier, B., Wagner, D.: Key-schedule cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  15. 15.
    Kelsey, J., Schneier, B., Wagner, D.: Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)Google Scholar
  16. 16.
    Klíma, V., Rosa, T.: Attack on private signature keys of the OpenPGP format, PGPTM programs and other applications compatible with OpenPGP. In: Cryptology ePrint Archive (2002)Google Scholar
  17. 17.
    Klíma, V., Rosa, T.: Further results and considerations on side channel attacks on rsa. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 244–259. Springer, Heidelberg (2003)Google Scholar
  18. 18.
    RSA Security Inc. PKCS #11: Cryptographic Token Interface Standard. An RSA Laboratories Technical Note, Version 2.01, December 22 (1997)Google Scholar
  19. 19.
    Hoornaert, F., Desmedt, Y., Quisquater, J.J.: Several exhaustive key search machines and DES. In: EUROCRYPT 1986, pp. 17–19 (1986)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Jolyon Clulow
    • 1
  1. 1.Department of Mathematical, and Statistical SciencesUniversity of NatalDurbanSouth Africa

Personalised recommendations