Starting from previous vulnerability analysis of the standard PKCS#11, we describe Microsoft CryptoAPI interface identifying all the possible attacks that can be performed to discover secret keys values, in hardware devices which support key management by both the standards. First, we formalize a model for CAPI, then a super model for both the standards, to describe in a unique way all the operations that can be performed. We consider interoperability between PKCS#11 and CryptoAPI, evidencing APIs differences in structures and usages. We try to use functions of both the APIs to test extensively other attacks on sensitive keys stored in the tokens. In addition to vulnerabilities, we propose some solutions to set up the most possible secure configuration for hardware devices. Future work considers the Microsoft CNG APIs, and possible new integration with PKCS#11.

Security and interoperability of APIs for cryptographic devices

Pretotto, Andrea
2014/2015

Abstract

Starting from previous vulnerability analysis of the standard PKCS#11, we describe Microsoft CryptoAPI interface identifying all the possible attacks that can be performed to discover secret keys values, in hardware devices which support key management by both the standards. First, we formalize a model for CAPI, then a super model for both the standards, to describe in a unique way all the operations that can be performed. We consider interoperability between PKCS#11 and CryptoAPI, evidencing APIs differences in structures and usages. We try to use functions of both the APIs to test extensively other attacks on sensitive keys stored in the tokens. In addition to vulnerabilities, we propose some solutions to set up the most possible secure configuration for hardware devices. Future work considers the Microsoft CNG APIs, and possible new integration with PKCS#11.
2014-03-11
File in questo prodotto:
File Dimensione Formato  
820955-1173991.pdf

accesso aperto

Tipologia: Altro materiale allegato
Dimensione 844.47 kB
Formato Adobe PDF
844.47 kB Adobe PDF Visualizza/Apri

I documenti in UNITESI sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14247/3243