Concepts and Proofs for Configuring PKCS#11

  • Sibylle Fröschle
  • Nils Sommer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7140)


We have recently put forward several ideas of how to specify, model, and verify security APIs centered around the slogan ‘security APIs are also like programs’ and first-order linear time logic extended by past operators. We have developed these ideas based on an investigation of PKCS #11, a standard widely adopted in industry, and presented preliminary results at FAST’10. In this paper, we present several novel results about PKCS #11 that we have obtained based on the full implementation of this approach. In particular, this concerns an analysis of the ‘wrap with trusted feature’, a full analysis of which has been out of reach for the previous models. At the same time we provide concepts and terminology that connect to Bond and Clulow’s ‘Types of Intention’ and devise an informal method of configuring and understanding PKCS #11.


Security Property Token Initialization Primary Attack Attribute Template Data Decryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.: Security Engineering. Wiley Publishing, Inc. (2008)Google Scholar
  2. 2.
    Bond, M.: Understanding Security APIs. Ph.D. thesis. University of Cambridge (2004)Google Scholar
  3. 3.
    Bond, M., Clulow, J.: Integrity of intention. Inf. Secur. Tech. Rep. 11, 93–99 (2006)CrossRefGoogle Scholar
  4. 4.
    Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: CCS 2010, pp. 260–269. ACM (2010)Google Scholar
  5. 5.
    Clulow, J.: On the Security of PKCS #11. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 411–425. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Delaune, S., Kremer, S., Steel, G.: Formal security analysis of PKCS#11 and proprietary extensions. Journal of Computer Security 18(6), 1211–1245 (2010)Google Scholar
  7. 7.
    Fröschle, S., Sommer, N.: Reasoning with Past to Prove PKCS#11 Keys Secure. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 96–110. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  8. 8.
    Fröschle, S., Sommer, N.: When is a PKCS#11 configuration secure? Reports of SFB/TR 14 AVACS 82, SFB/TR 14 AVACS (to appear)Google Scholar
  9. 9.
    Fröschle, S., Steel, G.: Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data. In: Degano, P., Viganò, L. (eds.) ARSPA-WITS 2009. LNCS, vol. 5511, pp. 92–106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    RSA Laboratories: PKCS#11: Cryptographic Token Interface Standard, vol. v2.30, Draft 4. RSA Security Inc. (July 2009)Google Scholar
  11. 11.
    SafeNet, Inc.: Attacking and fixing PKCS#11 security tokens [4]: A response by SafeNet Inc.,
  12. 12.
    Sommer, N.: Experiment-based Analysis of PKCS#11. Master’s thesis. University of Oldenburg (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sibylle Fröschle
    • 1
  • Nils Sommer
    • 2
  1. 1.Department of InformaticsUniversity of OldenburgGermany
  2. 2.MWR InfoSecurityBasingstokeUK

Personalised recommendations