A Provably Secure PKCS#11 Configuration Without Authenticated Attributes

Ryan Stanley-Oakes

Research output: Conference Contribution (Conference Proceeding); chapter in Book/Report/Conference proceeding


Abstract

Cryptographic APIs like PKCS#11 are interfaces to trusted hardware where keys are stored; the secret keys should never leave the trusted hardware in plaintext. In PKCS#11 it is possible to give keys conflicting roles, leading to a number of key-recovery attacks. To prevent these attacks, one can authenticate the attributes of keys when wrapping, but this is not standard in PKCS#11. Alternatively, one can configure PKCS#11 to place additional restrictions on the commands permitted by the API.

Bortolozzo et al. proposed a configuration of PKCS#11, called the Secure Templates Patch (STP), supporting symmetric encryption and key wrapping. However, the security guarantees for STP given by Bortolozzo et al. are with respect to a weak attacker model. STP has been implemented as a set of filtering rules in Caml Crush, a software filter for PKCS#11 that rejects certain API calls. The filtering rules in Caml Crush extend STP by allowing users to compute and verify MACs, so the previous analysis of STP does not apply to this configuration.

We give a rigorous analysis of STP, including the extension used in Caml Crush. Our contribution is as follows:
(i) We show that the extension of STP used in Caml Crush is insecure.
(ii) We propose a strong, computational security model for configurations of PKCS#11 where the adversary can adaptively corrupt keys and prove that STP is secure in this model.
(iii) We prove the security of an extension of STP that adds support for public-key encryption and digital signatures.
Original language: English
Title of host publication: Financial Cryptography and Data Security
Subtitle of host publication: 21st International Conference, FC 2017, Valletta, Malta, April 3-7, 2017, Revised Selected Papers
Publisher: Springer Berlin Heidelberg
Pages: 145-162
Number of pages: 18
ISBN (Electronic): 9783319709727
ISBN (Print): 9783319709710
DOI: https://doi.org/10.1007/978-3-319-70972-7
Publication status: Published - 1 Feb 2018

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Berlin Heidelberg
ISSN (Print): 0302-9743


Cite this

Stanley-Oakes, R. (2018). A Provably Secure PKCS#11 Configuration Without Authenticated Attributes. In Financial Cryptography and Data Security: 21st International Conference, FC 2017, Valletta, Malta, April 3-7, 2017, Revised Selected Papers (pp. 145-162). Lecture Notes in Computer Science. Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-319-70972-7