Type-Based Analysis of PIN Processing APIs

  • Matteo Centenaro
  • Riccardo Focardi
  • Flaminia L. Luccio
  • Graham Steel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamper-resistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and non-randomized encryptions, and show our new API to be type-checkable.


Keywords: Message Authentication Code; Integrity Level; Typing Rule; Integrity Representative; Cryptographic Primitive


  1. Hackers crack cash machine PIN codes to steal millions,
  2. PIN Crackers Nab Holy Grail of Bank Card Security. Wired Magazine Blog ’Threat Level’,
  3. Abadi, M.: Secrecy by typing in security protocols. JACM 46(5), 749–786 (1999)
  4. Abadi, M., Jurjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)
  5. Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). JCRYPTOL 15(2), 103–127 (2002)
  6. Adão, P., Bana, G., Herzog, J., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 374–396. Springer, Heidelberg (2005)
  7. Askarov, A., Hedin, D., Sabelfeld, A.: Cryptographically-masked flows. Theoretical Computer Science 402(2-3), 82–101 (2008)
  8. Berkman, O., Ostrovsky, O.: The unbearable lightness of PIN cracking. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 224–238. Springer, Heidelberg (2007)
  9. Bond, M., Zielinski, P.: Decimalization table attacks for PIN cracking. Technical Report UCAM-CL-TR-560, University of Cambridge, Computer Laboratory (2003)
  10. Clulow, J.: The design and analysis of cryptographic APIs for security devices. Master’s thesis, University of Natal, Durban (2003)
  11. Courant, J., Ene, C., Lakhnech, Y.: Computationally sound typing for non-interference: The case of deterministic encryption. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 364–375. Springer, Heidelberg (2007)
  12. Delaune, S., Kremer, S., Steel, G.: Formal analysis of PKCS#11. In: IEEE Computer Security Foundations Symposium, June 23-25 2008, pp. 331–344 (2008)
  13. Focardi, R., Centenaro, M.: Information flow security of multi-threaded distributed programs. In: ACM SIGPLAN PLAS 2008, June 8, 2008, pp. 113–124 (2008)
  14. Focardi, R., Centenaro, M., Luccio, F., Steel, G.: Type-based analysis of PIN processing APIs (full version). Technical Report CS-2009-6, Università Ca’ Foscari, Venezia, Italy (2009),
  15. Focardi, R., Luccio, F.L., Steel, G.: Improving pin processing api security. In: Workshop on Analysis of Security APIs, July 10-11 (to appear, 2009)
  16. Fournet, C., Rezk, T.: Cryptographically sound implementations for typed information-flow security. In: POPL 2008, pp. 323–335. ACM Press, New York (2008)
  17. Gordon, A., Jeffrey, A.: Authenticity by typing for security protocols. Technical Report MSR-2001-49, Microsoft Research (2001)
  18. I. Inc. CCA Basic Services Reference and Guide for the IBM 4758 PCI and IBM 4764 PCI-X Cryptographic Coprocessors. Technical report, 2006. Rel. 2.53–3.27 (2006)
  19. Keighren, G., Aspinall, A., Steel, G.: Towards a type system for security APIs. In: ARSPA-WITS 2009, York, UK, March 28-29, 2009, pp. 173–192 (2009)
  20. Laud, P.: On the computational soundness of cryptographically masked flows. In: POPL 2008, pp. 337–348. ACM Press, New York (2008)
  21. Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Computers and Security 11(1), 75–89 (1992)
  22. Mannan, M., van Oorschot, P.: Reducing threats from flawed security APIs: The banking PIN case. Computers & Security 28(6), 410–420 (2009)
  23. Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. Journal of Computer Security 14(2), 157–196 (2006)
  24. Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)
  25. Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security (to appear)
  26. Steel, G.: Formal Analysis of PIN Block Attacks. TCS 367(1-2), 257–270 (2006)
  27. Vaughan, J.A., Zdancewic, S.: A cryptographic decentralized label model. In: IEEE Symposium on Security and Privacy, pp. 192–206. IEEE Computer Society, Los Alamitos (2007)
  28. Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. Journal of Computer Security 4(2/3), 167–187 (1996)
  29. Youn, P., Adida, B., Bond, M., Clulow, J., Herzog, J., Lin, A., Rivest, R., Anderson, R.: Robbing the bank with a theorem prover. Technical Report UCAM-CL-TR-644, University of Cambridge (August 2005)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matteo Centenaro (1)
  • Riccardo Focardi (1)
  • Flaminia L. Luccio (1)
  • Graham Steel (2)

  1. Dipartimento di Informatica, Università Ca’ Foscari Venezia, Italy
  2. LSV, ENS Cachan & CNRS & INRIA, France
