A Formal Theory of Key Conjuring

A Formal Theory of Key Conjuring. Véronique Cortier, Stéphanie Delaune, and Graham Steel. Rapport de recherche RR-6134, INRIA, 2007.

Download

[PDF] [HTML] 

Abstract

We describe a formalism for key conjuring, the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. This technique has been used to attack the security APIs of several Hardware Security Modules (HSMs), which are widely deployed in the ATM (cash machine) network. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).

BibTeX

@techreport{CORTIER:2007:INRIA-00129642:2,
    hal_id = {inria-00129642},
    title = {{A Formal Theory of Key Conjuring}},
    author = {Cortier, V{\'e}ronique and Delaune, St{\'e}phanie and Steel, Graham},
    abstract = {{We describe a formalism for key conjuring, the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. This technique has been used to attack the security APIs of several Hardware Security Modules (HSMs), which are widely deployed in the ATM (cash machine) network. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).}},
    keywords = {security protocols; API; exclusive or; decision procedure},
    language = {Anglais},
    affiliation = {CASSIS - INRIA Lorraine - LORIA / LIFC , School of Informatics - Informatics},
    pages = {38},
    type = {Rapport de recherche},
    institution = {INRIA},
    number = {RR-6134},
    year = {2007},
}

Parts of this page have been generated by bib2html.pl (written by Patrick Riley ) on Tue Feb 13, 2024 14:48:49