[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2019/462

How to wrap it up - A formally verified proposal for the use of authenticated wrapping in PKCS\#11

Alexander Dax, Robert Künnemann, Sven Tangermann, and Michael Backes

Abstract

Being the most widely used and comprehensive standard for hardware security modules, cryptographic tokens and smart cards, PKCS#11 has been the subject of academic study for years. PKCS#11 provides a key store that is separate from the application, so that, ideally, an application never sees a key in the clear. Again and again, researchers have pointed out the need for an import/export mechanism that ensures the integrity of the permissions associated to a key. With version 2.40, for the first time, the standard included authenticated deterministic encryption schemes. The interface to this operation is insecure, however, so that an application can get the key in the clear, subverting the purpose of using a hardware security module. This work proposes a formal model for the secure use of authenticated deterministic encryption in PKCS11, including concrete API changes to allow for secure policies to be implemented. Owing to the authenticated encryption mechanism, the policy we propose provides more functionality than any policy proposed so far and can be implemented without access to a random number generator. Our results cover modes of operation that rely on unique initialisation vectors (IVs), like GCM or CCM, but also modes that generate synthetic IVs. We furthermore provide a proof for the deduction soundness of our modelling of deterministic encryption in Böhl et.al.'s composable deduction soundness framework.

Note: Revised on Jun 26 2019: added page numbers and more precise suggestions for PKCS#11v3.00

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CSF 2019
Keywords
formal analysissecurity APIcomputational soundness
Contact author(s)
robert @ kunnemann de
History
2019-06-26: last of 2 revisions
2019-05-10: received
See all versions
Short URL
https://ia.cr/2019/462
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/462,
      author = {Alexander Dax and Robert Künnemann and Sven Tangermann and Michael Backes},
      title = {How to wrap it up - A formally verified proposal for the use of authenticated wrapping in {PKCS}\#11},
      howpublished = {Cryptology {ePrint} Archive, Paper 2019/462},
      year = {2019},
      url = {https://eprint.iacr.org/2019/462}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.