Revoke and Let Live: A Secure Key Revocation API for Cryptographic Devices

Véronique Cortier (1), Graham Steel (2), Cyrille Wiedling (1)
(1) CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : While extensive research addresses the problem of establishing session keys through cryptographic protocols, relatively little work has appeared addressing the problem of revocation and update of long-term keys. We present an API for symmetric key management on embedded devices that supports revocation and prove security properties of our design in the symbolic model of cryptography. Our API supports two modes of revocation: a passive mode where keys have an expiration time, and an active mode where revocation messages are sent to devices. For the first, we show that once enough time has elapsed after the compromise of a key, the system returns to a secure state, i.e. the API is robust against attempts by the attacker to use a compromised key to compromise other keys or keep the compromised key alive past its validity time. For the second, we show that once revocation messages have been received, the system is immediately in a secure state. Notable features of our designs are that all secret values on the device are revocable, and the device returns to a functionally equivalent state after revocation is complete.
Document type : Reports

https://hal.inria.fr/hal-00721945
Contributor : Cyrille Wiedling
Submitted on : Tuesday, July 31, 2012 - 10:35:27 AM
Last modification on : Tuesday, December 18, 2018 - 4:38:25 PM
Long-term archiving on : Friday, December 16, 2016 - 4:07:11 AM

File

RR-7949.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00721945, version 1

Citation

Véronique Cortier, Graham Steel, Cyrille Wiedling. Revoke and Let Live: A Secure Key Revocation API for Cryptographic Devices. [Research Report] RR-7949, INRIA. 2012, pp.41. ⟨hal-00721945⟩
