Analysis of Key Wrapping APIs: Generic Policies, Computational Security

Guillaume Scerri, Ryan W Stanley-Oakes

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

11 Citations (Scopus)
283 Downloads (Pure)

Abstract

We present an analysis of key wrapping APIs with generic policies. We prove that certain minimal conditions on policies are sufficient for keys to be indistinguishable from random in any execution of an API. Our result captures a large class of API policies, including both the hierarchies on keys that are common in the scientific literature and the non-linear dependencies on keys used in PKCS#11. Indeed, we use our result to propose a secure refinement of PKCS#11, assuming that the attributes of keys are transmitted as authenticated associated data when wrapping and that there is an enforced separation between keys used for wrapping and keys used for other cryptographic purposes. We use the Computationally Complete Symbolic Attacker developed by Bana and Comon. This model enables us to obtain computational guarantees using a simple proof with a high degree of modularity.
Original languageEnglish
Title of host publication2016 IEEE 28th Computer Security Foundations Symposium (CSF 2016)
Subtitle of host publicationProceedings of a meeting held 27 June - 1 July 2016, Lisbon, Portugal
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages281-295
Number of pages15
ISBN (Electronic)9781509026074
ISBN (Print)9781509026081
DOIs
Publication statusPublished - Aug 2016
Event2016 IEEE Computer Security Foundations Symposium - San Jose, United States
Duration: 23 May 201625 May 2016

Publication series

NameProceedings of the IEEE Computer Security Foundations Symposium
PublisherInstitute of Electrical and Electronics Engineers
ISSN (Print)1063-6900
ISSN (Electronic)2374-8303

Conference

Conference2016 IEEE Computer Security Foundations Symposium
CountryUnited States
CitySan Jose
Period23/05/1625/05/16

Fingerprint Dive into the research topics of 'Analysis of Key Wrapping APIs: Generic Policies, Computational Security'. Together they form a unique fingerprint.

Cite this