A Formal Theory of Key Conjuring - Inria - Institut national de recherche en sciences et technologies du numérique Access content directly
Reports (Research Report) Year : 2007

A Formal Theory of Key Conjuring

Abstract

We describe a formalism for key conjuring, the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. This technique has been used to attack the security APIs of several Hardware Security Modules (HSMs), which are widely deployed in the ATM (cash machine) network. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).

Domains

Cryptography and Security [cs.CR]
Fichier principal
Vignette du fichier
RR-6134.pdf (358.83 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Rapport De Recherche Inria  : Connect in order to contact the contributor

https://inria.hal.science/inria-00129642

Submitted on : Monday, February 26, 2007-4:51:34 PM

Last modification on : Thursday, March 7, 2024-12:32:05 PM

Long-term archiving on: Tuesday, September 21, 2010-12:53:51 PM

Download

Dates and versions

inria-00129642 , version 1 (08-02-2007)
inria-00129642 , version 2 (26-02-2007)

Identifiers

  • HAL Id : inria-00129642 , version 2

Cite

Véronique Cortier, Stéphanie Delaune, Graham Steel. A Formal Theory of Key Conjuring. [Research Report] RR-6134, INRIA. 2007, pp.38. ⟨inria-00129642v2⟩

Export

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

CNRS INRIA UNIV-FCOMTE UNIV-BM FEMTO-ST INRIA-RRRT UNIV-BM-THESE UNIV-LORRAINE INRIA2 LORIA LORIA-FM LARA
167 View
314 Download

Share

Gmail Facebook X LinkedIn More