TY - GEN
T1 - Analysis of the PKCS#11 API using the maude-NPA tool
AU - González-Burgueño, Antonio
AU - Santiago, Sonia
AU - Escobar, Santiago
AU - Meadows, Catherine
AU - Meseguer, José
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Cryptographic Application Programmer Interfaces (Crypto APIs) are designed to allow a secure interoperation between applications and cryptographic devices such as smartcards and Hardware Security Modules (HSMs). However, several Crypto APIs have been shown to be subject to attacks in which sensitive information is disclosed to an attacker, such as the RSA Laboratories Public Key Standards PKCS#11, an API widely adopted in industry. Recently, there has been a growing interest on applying automated crypto protocol analysis methods to formally analyze APIs. However, the PKCS#11 has been proven difficult to analyze using such methods since it involves non-monotonic mutable global state. In this paper we specify and analyze the PKCS#11 in Maude-NPA, a general purpose crypto protocol analysis tool.
AB - Cryptographic Application Programmer Interfaces (Crypto APIs) are designed to allow a secure interoperation between applications and cryptographic devices such as smartcards and Hardware Security Modules (HSMs). However, several Crypto APIs have been shown to be subject to attacks in which sensitive information is disclosed to an attacker, such as the RSA Laboratories Public Key Standards PKCS#11, an API widely adopted in industry. Recently, there has been a growing interest on applying automated crypto protocol analysis methods to formally analyze APIs. However, the PKCS#11 has been proven difficult to analyze using such methods since it involves non-monotonic mutable global state. In this paper we specify and analyze the PKCS#11 in Maude-NPA, a general purpose crypto protocol analysis tool.
KW - Cryptographic application programming interfaces (cryptographic APIs)
KW - Maude-NPA
KW - PKCS#11
KW - Symbolic cryptographic protocol analysis
UR - http://www.scopus.com/inward/record.url?scp=84952771395&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84952771395&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-27152-1_5
DO - 10.1007/978-3-319-27152-1_5
M3 - Conference contribution
AN - SCOPUS:84952771395
SN - 9783319271514
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 86
EP - 106
BT - Security Standardisation Research - 2nd International Conference, SSR 2015, Proceedings
A2 - Chen, Liqun
A2 - Matsuo, Shin’ichiro
PB - Springer
T2 - 2nd International Conference on Security Standardisation Research, SSR 2015
Y2 - 15 December 2015 through 16 December 2015
ER -