Understanding Security APIs - CrySyS Lab

More documents

Recommendations

Info

7.3.1 VSM Compatibles – XOR to Null Key Attack . . . . . . . . . 93 7.3.2 VSM Compatibles – A Key Separation Attack . . . . . . . . . 94 7.3.3 VSM Compatibles – Meet-in-the-Middle Attack . . . . . . . . 95 7.3.4 4758 CCA – Key Import Attack . . . . . . . . . . . . . . . . . 96 7.3.5 4758 CCA – Import/Export Loop Attack . . . . . . . . . . . . 97 7.3.6 4758 CCA – 3DES Key Binding Attack . . . . . . . . . . . . . 98 7.3.7 4758 CCA – Key Part Import Descrack Attack . . . . . . . . 99 7.3.8 4758 CCA – Weak Key Timing Attack . . . . . . . . . . . . . 106 7.3.9 4758 CCA – Check Value Attack . . . . . . . . . . . . . . . . 106 7.3.10 VSM Compatibles – Decimalisation Table Attack . . . . . . . 107 7.3.11 Prism TSM200 – Master Key Attack . . . . . . . . . . . . . . 114 7.3.12 Other Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 7.4 Formal Analysis of Security APIs . . . . . . . . . . . . . . . . . . . . 119 7.4.1 Foundations of Formal Analysis . . . . . . . . . . . . . . . . . 119 7.4.2 Tools Summary . . . . . . . . . . . . . . . . . . . . . . . . . . 121 7.4.3 Case Study: SPASS . . . . . . . . . . . . . . . . . . . . . . . . 122 7.4.4 MIMsearch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 8 Designing Security APIs 133 8.1 Can Security APIs Solve Your Problem? . . . . . . . . . . . . . . . . 133 8.2 Design Heuristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 8.2.1 General Heuristics . . . . . . . . . . . . . . . . . . . . . . . . 135 8.2.2 Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . 136 8.2.3 Transaction Design . . . . . . . . . . . . . . . . . . . . . . . . 138 8.2.4 Type System Design . . . . . . . . . . . . . . . . . . . . . . . 139 8.2.5 Legacy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 8.3 Access Control and Trusted Paths . . . . . . . . . . . . . . . . . . . . 141 8.3.1 How much should we trust the host? . . . . . . . . . . . . . . 142 8.3.2 Communicating: Key Material . . . . . . . . . . . . . . . . . . 143 8.3.3 Communicating: Authorisation Information . . . . . . . . . . 144 8.3.4 Providing Feedback: Display Information . . . . . . . . . . . . 148 8.3.5 Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . 149 10
8.4 Personnel and Social Engineering Issues . . . . . . . . . . . . . . . . . 150 8.4.1 Dual Security Officer Attack . . . . . . . . . . . . . . . . . . . 151 8.4.2 M-of-N Security Officer Attack . . . . . . . . . . . . . . . . . 152 8.4.3 How Many Security Officers are Best? . . . . . . . . . . . . . 154 8.4.4 Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . 154 9 The Future of Security APIs 156 9.1 Designing APIs Right . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 9.2 Future API Architectures . . . . . . . . . . . . . . . . . . . . . . . . 157 9.3 Trusted Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 9.4 The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 10 Conclusions 161 10.1 Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . 162 10.2 The Security API Designer . . . . . . . . . . . . . . . . . . . . . . . . 163 10.3 Closing Remark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 11 Glossary 164 11
Page 1 and 2: Understanding Security APIs Michael
Page 3: Dedication To Philip Barnes, who co
Page 6 and 7: Understanding Security APIs Michael
Page 8 and 9: 4.3 Certification Authorities . . .
Page 12 and 13: Chapter 1 Introduction In today’s
Page 14 and 15: Whatever you intend to get out of t
Page 16 and 17: The aspects of the research relatin
Page 18 and 19: it spawned the development of contr
Page 20 and 21: 2.4 Key Dates Year Events 1960 Deve
Page 22 and 23: ciphertext into a four digit number
Page 24 and 25: service engineer). In order for the
Page 26 and 27: 3.3 Development of the Attack Toolk
Page 28 and 29: This key binding attack effectively
Page 30 and 31: Chapter 4 Applications of Security
Page 32 and 33: Higher-level goals maybe to achieve
Page 34 and 35: VISA. It also permits end-to-end co
Page 36 and 37: There are three sorts of threat to
Page 38 and 39: control - and would typically be is
Page 40 and 41: Secure Computing Base (NGSCB), prev
Page 42 and 43: Chapter 5 The Security API Industry
Page 44 and 45: • Individuals, Customers, Clients
Page 46 and 47: 5.2.2 1990 to 2000 Year Events 1991
Page 48 and 49: 5.3 Summary of HSM Manufacturers 5.
Page 50 and 51: pose crypto platform market, and si
Page 52 and 53: 5.3.8 Baltimore http://www.baltimor
Page 54 and 55: The Trusted Computing Group will li
Page 56 and 57: available, but should be carefully
Page 58 and 59: Chapter 6 Hardware Security Modules
Page 60 and 61:
an increasing concern as the device
Page 62 and 63:
• Potting is nowadays one of the
Page 64 and 65:
• Light Sensors can be coupled wi
Page 66 and 67:
6.2.1 Tamper-Evidence Hardware Secu
Page 68 and 69:
6.3 HSM Summary This section introd
Page 70 and 71:
6.3.3 nCipher nForce API nCore API
Page 72 and 73:
6.3.5 nCipher netHSM API nCore API
Page 74 and 75:
6.3.7 Thales RG7000 API Proprietary
Page 76 and 77:
6.3.9 Chrysalis-ITS Luna CA3 API PK
Page 78 and 79:
Chapter 7 Analysis of Security APIs
Page 80 and 81:
First Command: Key Part Import User
Page 82 and 83:
achieve the same functionality as o
Page 84 and 85:
Figure 7.5 shows a common key manag
Page 86 and 87:
7.2 The Attacker’s Toolkit This s
Page 88 and 89:
early HSMs actually used this techn
Page 90 and 91:
PIN numbers are often stored in enc
Page 92 and 93:
operating systems. Naively implemen
Page 94 and 95:
The supervisor key switch is turned
Page 96 and 97:
7.3.4 4758 CCA - Key Import Attack
Page 98 and 99:
7.3.6 4758 CCA - 3DES Key Binding A
Page 100 and 101:
Bank Home Bank Home Bank Home Test
Page 102 and 103:
the number of operations the HSM wo
Page 104 and 105:
Implementation Overview The DES cra
Page 106 and 107:
7.3.8 4758 CCA - Weak Key Timing At
Page 108 and 109:
which is a many-to-one mapping betw
Page 110 and 111:
Digits Possibilities A AAAA(1) AB A
Page 112 and 113:
No # Poss. pins Decimalisation tabl
Page 114 and 115:
tables in a generic way will be har
Page 116 and 117:
Security Officer 1 -> HSM : SM?IK 8
Page 118 and 119:
in. Consider the example below, whi
Page 120 and 121:
Indeed it now seems that many conve
Page 122 and 123:
• Search Tools - such as PROLOG -
Page 124 and 125:
\% these are the commands provided
Page 126 and 127:
--------------------------SPASS-STA
Page 128 and 129:
Problem Specification The API is sp
Page 130 and 131:
UI Decisions Figure 7.23: The MIMse
Page 132 and 133:
Figure 7.25: The MIMsearch ‘Watch
Page 134 and 135:
2. If the Security API prevents cer
Page 136 and 137:
it can be enabled and disabled, the
Page 138 and 139:
• When the host machine sends dat
Page 140 and 141:
8.2.5 Legacy Issues • Isolate you
Page 142 and 143:
The Visa Security Module had a seri
Page 144 and 145:
Class I Passive tokens, which prese
Page 146 and 147:
Smartcards Figure 8.2: Chrysalis Lu
Page 148 and 149:
link to the authorisation process f
Page 150 and 151:
To minimise the risk of breach, eac
Page 152 and 153:
When no privileged operations are r
Page 154 and 155:
8.4.3 How Many Security Officers ar
Page 156 and 157:
Chapter 9 The Future of Security AP
Page 158 and 159:
e unable to assure themselves that
Page 160 and 161:
9.4 The Bottom Line Whilst it is ex
Page 162 and 163:
10.1 Roles and Responsibilities Sec
Page 164 and 165:
Chapter 11 Glossary 4753 IBM Crypto
Page 166 and 167:
PKCS#11 Public Key Cryptography Sta
Page 168 and 169:
[14] J. Clulow, “On the Security
Page 170:
[53] http://www.cl.cam.ac.uk/~rnc1/
show all

Understanding Security APIs - CrySyS Lab

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?