Type-Based Analysis of PIN Processing APIs

  • Matteo Centenaro
  • Riccardo Focardi
  • Flaminia L. Luccio
  • Graham Steel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)

Abstract

We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamper-resistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and non-randomized encryptions, and show our new API to be type-checkable.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Matteo Centenaro
    • 1
  • Riccardo Focardi
    • 1
  • Flaminia L. Luccio
    • 1
  • Graham Steel
    • 2
  1. 1.Dipartimento di InformaticaUniversità Ca’ Foscari VeneziaItaly
  2. 2.LSV, ENS Cachan & CNRS & INRIAFrance

Personalised recommendations