A Formal Theory of Key Conjuring - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Rapport (Rapport De Recherche) Année : 2007

A Formal Theory of Key Conjuring

Résumé

We describe a formalism for key conjuring, the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. This technique has been used to attack the security APIs of several Hardware Security Modules (HSMs), which are widely deployed in the ATM (cash machine) network. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).
Fichier principal
Vignette du fichier
CortierDelauneSteel.pdf (359 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

inria-00129642 , version 1 (08-02-2007)
inria-00129642 , version 2 (26-02-2007)

Identifiants

  • HAL Id : inria-00129642 , version 1

Citer

Véronique Cortier, Stéphanie Delaune, Graham Steel. A Formal Theory of Key Conjuring. [Research Report] 2007, pp.38. ⟨inria-00129642v1⟩
167 Consultations
314 Téléchargements

Partager

Gmail Facebook X LinkedIn More