Revoke and Let Live: A Secure Key Revocation API for Cryptographic Devices

Véronique Cortier 1 Graham Steel 2 Cyrille Wiedling 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : While extensive research addresses the problem of establishing session keys through cryptographic protocols, relatively little work has appeared addressing the problem of revocation and update of long term keys. We present an API for symmetric key management on embedded devices that supports revocation and prove security properties design in the symbolic model of cryptography. Our API supports two modes of revocation: a passive mode where keys have an expiration time, and an active mode where revocation messages are sent to devices. For the first we show that once enough time has elapsed after the compromise of a key, the system returns to a secure state, i.e. the API is robust against attempts by the attacker to use a compromised key to compromise other keys or keep the compromised key alive past its validity time. For the second we show that once revocation messages have been received the system is immediately in a secure state. Notable features of our designs are that all secret values on the device are revocable, and the device returns to a functionally equivalent state after revocation is complete.
Type de document :
Communication dans un congrès
19th ACM Conference on Computer and Communications Security (CCS'12), Oct 2012, Raleigh, United States. ACM, 2012
Liste complète des métadonnées

https://hal.inria.fr/hal-00732902
Contributeur : Véronique Cortier <>
Soumis le : lundi 17 septembre 2012 - 13:23:07
Dernière modification le : vendredi 6 juillet 2018 - 15:06:10

Identifiants

  • HAL Id : hal-00732902, version 1

Citation

Véronique Cortier, Graham Steel, Cyrille Wiedling. Revoke and Let Live: A Secure Key Revocation API for Cryptographic Devices. 19th ACM Conference on Computer and Communications Security (CCS'12), Oct 2012, Raleigh, United States. ACM, 2012. 〈hal-00732902〉

Partager

Métriques

Consultations de la notice

336