- Page 1 and 2: Understanding Security APIs Michael
- Page 3: Dedication To Philip Barnes, who co
- Page 6 and 7: Understanding Security APIs Michael
- Page 8 and 9: 4.3 Certification Authorities . . .
- Page 12 and 13: Chapter 1 Introduction In today’s
- Page 14 and 15: Whatever you intend to get out of t
- Page 16 and 17: The aspects of the research relatin
- Page 18 and 19: it spawned the development of contr
- Page 20 and 21: 2.4 Key Dates Year Events 1960 Deve
- Page 22 and 23: ciphertext into a four digit number
- Page 24 and 25: service engineer). In order for the
- Page 26 and 27: 3.3 Development of the Attack Toolk
- Page 28 and 29: This key binding attack effectively
- Page 30 and 31: Chapter 4 Applications of Security
- Page 32 and 33: Higher-level goals may be to achieve
- Page 34 and 35: VISA. It also permits end-to-end co
- Page 36 and 37: There are three sorts of threat to
- Page 38 and 39: control - and would typically be is
- Page 40 and 41: Secure Computing Base (NGSCB), prev
- Page 42 and 43: Chapter 5 The Security API Industry
- Page 44 and 45: • Individuals, Customers, Clients
- Page 46 and 47: 5.2.2 1990 to 2000 Year Events 1991
- Page 48 and 49: 5.3 Summary of HSM Manufacturers 5.
- Page 50 and 51: pose crypto platform market, and si
- Page 52 and 53: 5.3.8 Baltimore http://www.baltimor
- Page 54 and 55: The Trusted Computing Group will li
- Page 56 and 57: available, but should be carefully
- Page 58 and 59: Chapter 6 Hardware Security Modules
- Page 60 and 61: an increasing concern as the device
- Page 62 and 63: • Potting is nowadays one of the
- Page 64 and 65: • Light Sensors can be coupled wi
- Page 66 and 67: 6.2.1 Tamper-Evidence Hardware Secu
- Page 68 and 69: 6.3 HSM Summary This section introd
- Page 70 and 71: 6.3.3 nCipher nForce API nCore API
- Page 72 and 73: 6.3.5 nCipher netHSM API nCore API
- Page 74 and 75: 6.3.7 Thales RG7000 API Proprietary
- Page 76 and 77: 6.3.9 Chrysalis-ITS Luna CA3 API PK
- Page 78 and 79: Chapter 7 Analysis of Security APIs
- Page 80 and 81: First Command: Key Part Import User
- Page 82 and 83: achieve the same functionality as o
- Page 84 and 85: Figure 7.5 shows a common key manag
- Page 86 and 87: 7.2 The Attacker’s Toolkit This s
- Page 88 and 89: early HSMs actually used this techn
- Page 90 and 91: PIN numbers are often stored in enc
- Page 92 and 93: operating systems. Naively implemen
- Page 94 and 95: The supervisor key switch is turned
- Page 96 and 97: 7.3.4 4758 CCA - Key Import Attack
- Page 98 and 99: 7.3.6 4758 CCA - 3DES Key Binding A
- Page 100 and 101: Bank Home Bank Home Bank Home Test
- Page 102 and 103: the number of operations the HSM wo
- Page 104 and 105: Implementation Overview The DES cra
- Page 106 and 107: 7.3.8 4758 CCA - Weak Key Timing At
- Page 108 and 109: which is a many-to-one mapping betw
- Page 110 and 111: Digits Possibilities A AAAA(1) AB A
- Page 112 and 113: No # Poss. pins Decimalisation tabl
- Page 114 and 115: tables in a generic way will be har
- Page 116 and 117: Security Officer 1 -> HSM : SM?IK 8
- Page 118 and 119: in. Consider the example below, whi
- Page 120 and 121: Indeed it now seems that many conve
- Page 122 and 123: • Search Tools - such as PROLOG -
- Page 124 and 125: % these are the commands provided
- Page 126 and 127: --------------------------SPASS-STA
- Page 128 and 129: Problem Specification The API is sp
- Page 130 and 131: UI Decisions Figure 7.23: The MIMse
- Page 132 and 133: Figure 7.25: The MIMsearch ‘Watch
- Page 134 and 135: 2. If the Security API prevents cer
- Page 136 and 137: it can be enabled and disabled, the
- Page 138 and 139: • When the host machine sends dat
- Page 140 and 141: 8.2.5 Legacy Issues • Isolate you
- Page 142 and 143: The Visa Security Module had a seri
- Page 144 and 145: Class I Passive tokens, which prese
- Page 146 and 147: Smartcards Figure 8.2: Chrysalis Lu
- Page 148 and 149: link to the authorisation process f
- Page 150 and 151: To minimise the risk of breach, eac
- Page 152 and 153: When no privileged operations are r
- Page 154 and 155: 8.4.3 How Many Security Officers ar
- Page 156 and 157: Chapter 9 The Future of Security AP
- Page 158 and 159: e unable to assure themselves that
- Page 160 and 161: 9.4 The Bottom Line Whilst it is ex
- Page 162 and 163: 10.1 Roles and Responsibilities Sec
- Page 164 and 165: Chapter 11 Glossary 4753 IBM Crypto
- Page 166 and 167: PKCS#11 Public Key Cryptography Sta
- Page 168 and 169: [14] J. Clulow, “On the Security
- Page 170: [53] http://www.cl.cam.ac.uk/~rnc1/