Abstract
We have recently put forward several ideas of how to specify, model, and verify security APIs centered around the slogan ‘security APIs are also like programs’ and first-order linear time logic extended by past operators. We have developed these ideas based on an investigation of PKCS #11, a standard widely adopted in industry, and presented preliminary results at FAST’10. In this paper, we present several novel results about PKCS #11 that we have obtained based on the full implementation of this approach. In particular, this concerns an analysis of the ‘wrap with trusted feature’, a full analysis of which has been out of reach for the previous models. At the same time we provide concepts and terminology that connect to Bond and Clulow’s ‘Types of Intention’ and devise an informal method of configuring and understanding PKCS #11.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Anderson, R.: Security Engineering. Wiley Publishing, Inc. (2008)
Bond, M.: Understanding Security APIs. Ph.D. thesis. University of Cambridge (2004)
Bond, M., Clulow, J.: Integrity of intention. Inf. Secur. Tech. Rep. 11, 93–99 (2006)
Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: CCS 2010, pp. 260–269. ACM (2010)
Clulow, J.: On the Security of PKCS #11. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 411–425. Springer, Heidelberg (2003)
Delaune, S., Kremer, S., Steel, G.: Formal security analysis of PKCS#11 and proprietary extensions. Journal of Computer Security 18(6), 1211–1245 (2010)
Fröschle, S., Sommer, N.: Reasoning with Past to Prove PKCS#11 Keys Secure. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 96–110. Springer, Heidelberg (2011)
Fröschle, S., Sommer, N.: When is a PKCS#11 configuration secure? Reports of SFB/TR 14 AVACS 82, SFB/TR 14 AVACS (to appear)
Fröschle, S., Steel, G.: Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data. In: Degano, P., Viganò, L. (eds.) ARSPA-WITS 2009. LNCS, vol. 5511, pp. 92–106. Springer, Heidelberg (2009)
RSA Laboratories: PKCS#11: Cryptographic Token Interface Standard, vol. v2.30, Draft 4. RSA Security Inc. (July 2009)
SafeNet, Inc.: Attacking and fixing PKCS#11 security tokens [4]: A response by SafeNet Inc., http://secgroup.ext.dsi.unive.it/pkcs11-security
Sommer, N.: Experiment-based Analysis of PKCS#11. Master’s thesis. University of Oldenburg (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fröschle, S., Sommer, N. (2012). Concepts and Proofs for Configuring PKCS#11. In: Barthe, G., Datta, A., Etalle, S. (eds) Formal Aspects of Security and Trust. FAST 2011. Lecture Notes in Computer Science, vol 7140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29420-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-29420-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29419-8
Online ISBN: 978-3-642-29420-4
eBook Packages: Computer ScienceComputer Science (R0)