An Introduction to Security API Analysis

  • Riccardo Focardi
  • Flaminia L. Luccio
  • Graham Steel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6858)


A security API is an Application Program Interface that allows untrusted code to access sensitive resources in a secure way. Examples of security APIs include the interface between the tamper-resistant chip on a smartcard (trusted) and the card reader (untrusted), the interface between a cryptographic Hardware Security Module, or HSM (trusted) and the client machine (untrusted), and the Google maps API (an interface between a server, trusted by Google, and the rest of the Internet).


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Hackers crack cash machine PIN codes to steal millions. The Times online,
  2. 2.
  3. 3.
    PIN Crackers Nab Holy Grail of Bank Card Security. Wired Magazine Blog ’Threat Level’,
  4. 4.
    The EMV Standard,
  5. 5.
    Anderson, R.: The correctness of crypto transaction sets. In: 8th International Workshop on Security Protocols (April 2000),
  6. 6.
    Anderson, R.: What we can learn from API security (transcript of discussion). In: Security Protocols, pp. 288–300. Springer, Heidelberg (2003)Google Scholar
  7. 7.
    Anderson, R.: Security Engineering, 2nd edn. Wiley, Chichester (2007)Google Scholar
  8. 8.
    Armando, A., Basin, D.A., Boichut, Y., Chevalier, Y., Compagna, L., Cuéllar, J., Hankes Drielsma, P., Héam, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Armando, A., Compagna, L.: SAT-based model-checking for security protocols analysis. Int. J. Inf. Sec. 7(1), 3–32 (2008), Software available at, Currently developed under the AVANTSSAR project, CrossRefMATHGoogle Scholar
  10. 10.
    Berkman, O., Ostrovsky, O.M.: The unbearable lightness of PIN cracking. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 224–238. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Blanchet, B.: From secrecy to authenticity in security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 342–359. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Bond, M.: Attacks on cryptoprocessor transaction sets. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 220–234. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Bond, M., Anderson, R.: API level attacks on embedded systems. IEEE Computer Magazine 34(10), 67–75 (2001)CrossRefGoogle Scholar
  14. 14.
    Bond, M., Clulow, J.: Encrypted? randomised? compromised (when cryptographically secured data is not secure). In: Cryptographic Algorithms and their Uses, pp. 140–151 (2004)Google Scholar
  15. 15.
    Bond, M., Clulow, J.: Extending security protocol analysis: New challenges. Electronic Notes in Theoretical Computer Science 125(1), 13–24 (2005)CrossRefMATHGoogle Scholar
  16. 16.
    Bond, M., Zielinski, P.: Decimalization table attacks for pin cracking. Technical Report UCAM-CL-TR-560, University of Cambridge, Computer Laboratory (2003),
  17. 17.
    Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pp. 260–269. ACM Press, Chicago (2010)CrossRefGoogle Scholar
  18. 18.
    Cachin, C., Camenisch, J.: Encrypting keys securely. IEEE Security & Privacy 8(4), 66–69 (2010)CrossRefGoogle Scholar
  19. 19.
    Cachin, C., Chandran, N.: A secure cryptographic token interface. In: Computer Security Foundations (CSF-22), pp. 141–153. IEEE Computer Society Press, Long Island (2009)Google Scholar
  20. 20.
    Centenaro, M., Focardi, R., Luccio, F.L., Steel, G.: Type-based analysis of PIN processing APIs. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 53–68. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  21. 21.
    Clayton, R., Bond, M.: Experience using a low-cost FPGA design to crack DES keys. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 579–592. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Clulow, J.: The design and analysis of cryptographic APIs for security devices. Master’s thesis, University of Natal, Durban (2003)Google Scholar
  23. 23.
    Clulow, J.: On the security of PKCS#11. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 411–425. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Cortier, V., Steel, G.: A generic security API for symmetric key management on cryptographic devices. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 605–620. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  25. 25.
    Delaune, S., Kremer, S., Steel, G.: Formal analysis of PKCS#11. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 331–344. IEEE Computer Society Press, Pittsburgh (2008)CrossRefGoogle Scholar
  26. 26.
    Delaune, S., Kremer, S., Steel, G.: Formal analysis of PKCS#11 and proprietary extensions. Journal of Computer Security 18(6), 1211–1245 (2010)CrossRefGoogle Scholar
  27. 27.
    Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions in Information Theory 2(29), 198–208 (1983)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Durante, A., Focardi, R., Gorrieri, R.: A compiler for analyzing cryptographic protocols using noninterference. ACM Transactions on Software Engineering and Methodology 9(4), 488–528 (2000)CrossRefGoogle Scholar
  29. 29.
    Durgin, N.A., Lincoln, P., Mitchell, J.C.: Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security 12(2), 247–311 (2004)CrossRefGoogle Scholar
  30. 30.
    Focardi, R., Luccio, F.L.: Secure upgrade of hardware security modules in bank networks. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 95–110. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  31. 31.
    Focardi, R., Luccio, F.L.: Guessing bank pins by winning a mastermind game. Theory of Computing Systems (to appear, 2011)Google Scholar
  32. 32.
    Focardi, R., Luccio, F.L., Steel, G.: Blunting differential attacks on PIN processing APIs. In: Jøsang, A., Maseng, T., Knapskog, S.J. (eds.) NordSec 2009. LNCS, vol. 5838, pp. 88–103. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  33. 33.
    Fröschle, S., Steel, G.: Analysing PKCS#11 key management APIs with unbounded fresh data. In: Degano, P., Viganò, L. (eds.) ARSPA-WITS 2009. LNCS, vol. 5511, pp. 92–106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  34. 34.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  35. 35.
    Herzog, J.: Applying protocol analysis to security device interfaces. IEEE Security & Privacy Magazine 4(4), 84–87 (2006)CrossRefGoogle Scholar
  36. 36.
    IEEE 1619.3 Technical Committee. IEEE storage standard 1619.3 (key management) (draft),
  37. 37.
    International Organization for Standardization. ISO 9564-1: Banking personal identification number (PIN) management and security, 30 pagesGoogle Scholar
  38. 38.
    Keighren, G.: Model checking security APIs. Master’s thesis, University of Edinburgh (2007)Google Scholar
  39. 39.
    Knuth, D.: The Computer as a Master Mind. Journal of Recreational Mathematics 9, 1–6 (1976)MathSciNetMATHGoogle Scholar
  40. 40.
    Kremer, S., Steel, G., Warinschi, B.: Security for key management interfaces. In: Proceedings of the 24th IEEE Computer Security Foundations Symposium (CSF 2011), Cernay-la-Ville, France, pp. 266–280. IEEE Computer Society Press, Los Alamitos (2011)CrossRefGoogle Scholar
  41. 41.
    Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Computers and Security 11(1), 75–89 (1992)CrossRefGoogle Scholar
  42. 42.
    Lowe, G.: Breaking and fixing the Needham Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  43. 43.
    Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. Journal of Computer Security 14(2), 157–196 (2006)CrossRefGoogle Scholar
  44. 44.
    OASIS Key Management Interoperability Protocol (KMIP) Technical Committee. KMIP – key management interoperability protocol (February 2009),
  45. 45.
  46. 46.
    Pickover, C.A.: The Math Book: From Pythagoras to the 57th Dimension, 250 Milestones in the History of Mathematics. Sterling (2009)Google Scholar
  47. 47.
    RSA Security Inc., v2.20. PKCS #11: Cryptographic Token Interface Standard (June 2004)Google Scholar
  48. 48.
    Schneier, B.: Applied Cryptography, 2nd edn. John Wiley and Sons, Chichester (1996)MATHGoogle Scholar
  49. 49.
    Steel, G.: Formal Analysis of PIN Block Attacks. Theoretical Computer Science 367(1-2), 257–270 (2006)MathSciNetCrossRefMATHGoogle Scholar
  50. 50.
    Stuckman, J., Zhang, G.: Mastermind is NP-Complete. INFOCOMP Journal of Computer Science 5, 25–28 (2006)Google Scholar
  51. 51.
    Tsalapati, E.: Analysis of PKCS#11 using AVISPA tools. Master’s thesis, University of Edinburgh (2007)Google Scholar
  52. 52.
    Youn, P., Adida, B., Bond, M., Clulow, J., Herzog, J., Lin, A., Rivest, R., Anderson, R.: Robbing the bank with a theorem prover. Technical Report UCAM-CL-TR-644, University of Cambridge (August 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Riccardo Focardi
    • 1
  • Flaminia L. Luccio
    • 1
  • Graham Steel
    • 2
  1. 1.DAISUniversità Ca’Foscari VeneziaItaly
  2. 2.LSV, ENS Cachan & CNRS & INRIAFrance

Personalised recommendations