A Secure Key Management Interface with Asymmetric Cryptography

Abstract : Cryptographic devices such as Hardware Security Modules are only as secure as their application programme interfaces (APIs) that offer cryptographic functionality to the outside world. Design flaws and implementation errors in security APIs have been shown to cause vulnerabilities that may leak secrets such as keys and PINs. Ideally, we would like to design such interfaces in such a way that we can formally prove security properties, even in the presence of some corrupted keys. In this work, we take such a design for a provably secure interface for symmetric key management, due to Cortier and Steel, and extend it to asymmetric cryptography, giving new security definitions and associated proofs. Asymmetric cryptography forces us to consider confidentiality and integrity properties separately and provide support for classical operations of public key infrastructure (e.g. certification of public keys). As far as we are aware this is the first such provably secure interface to support asymmetric key operations for key management: Cachin and Chandran's secure token interface supports asymmetric key operations only for encrypting and signing data, not for managing keys.
Document type :
Reports
Liste complète des métadonnées

Cited literature [10 references]  Display  Hide  Download

https://hal.inria.fr/hal-00805987
Contributor : Graham Steel <>
Submitted on : Thursday, April 25, 2013 - 2:55:56 PM
Last modification on : Thursday, November 15, 2018 - 11:56:35 AM
Document(s) archivé(s) le : Monday, April 3, 2017 - 11:40:15 PM

File

asym_API_RR.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00805987, version 2

Citation

Marion Daubignard, David Lubicz, Graham Steel. A Secure Key Management Interface with Asymmetric Cryptography. [Research Report] RR-8274, INRIA. 2013. ⟨hal-00805987v2⟩

Share

Metrics

Record views

492

Files downloads

323