Understanding Security APIs - CrySyS Lab

More documents

Recommendations

Info

4.3 Certification Authorities . . . . . . . . . . . . . . . . . . . . . . . . . 34 4.3.1 Public Key Infrastructures . . . . . . . . . . . . . . . . . . . . 34 4.3.2 Threat Model . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 4.4 Prepayment Electricity Meters . . . . . . . . . . . . . . . . . . . . . . 37 4.5 SSL Security and Acceleration . . . . . . . . . . . . . . . . . . . . . . 38 4.6 Digital Rights Management . . . . . . . . . . . . . . . . . . . . . . . 38 4.7 Military Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.8 Specialist Applications . . . . . . . . . . . . . . . . . . . . . . . . . . 40 5 The Security API Industry 42 5.1 People and Organisations using Security APIs . . . . . . . . . . . . . 42 5.2 Corporate Timeline . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 5.2.1 1970 to 1990 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45 5.2.2 1990 to 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5.2.3 2000 to Present . . . . . . . . . . . . . . . . . . . . . . . . . . 47 5.3 Summary of HSM Manufacturers . . . . . . . . . . . . . . . . . . . . 48 5.3.1 IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.3.2 Thales / Zaxus / Racal . . . . . . . . . . . . . . . . . . . . . . 48 5.3.3 nCipher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 5.3.4 HP Atalla . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.3.5 Chrysalis-ITS . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.3.6 Prism Payment Technologies . . . . . . . . . . . . . . . . . . . 51 5.3.7 Eracom . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 5.3.8 Baltimore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 5.3.9 Jones-Futurex . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 5.3.10 Other Security API Vendors . . . . . . . . . . . . . . . . . . . 52 5.3.11 Odds and Ends . . . . . . . . . . . . . . . . . . . . . . . . . . 53 5.4 Interacting with Vendors . . . . . . . . . . . . . . . . . . . . . . . . . 54 5.4.1 Buying from Vendors . . . . . . . . . . . . . . . . . . . . . . . 54 5.4.2 Reporting Faults to Vendors . . . . . . . . . . . . . . . . . . . 56 8
6 Hardware Security Modules 58 6.1 A Brief History of HSMs . . . . . . . . . . . . . . . . . . . . . . . . . 58 6.2 Physical Tamper-resistance . . . . . . . . . . . . . . . . . . . . . . . . 61 6.2.1 Tamper-Evidence . . . . . . . . . . . . . . . . . . . . . . . . . 66 6.3 HSM Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 6.3.1 IBM 4758-001 . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 6.3.2 IBM 4758-002 . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 6.3.3 nCipher nForce . . . . . . . . . . . . . . . . . . . . . . . . . . 70 6.3.4 nCipher nShield . . . . . . . . . . . . . . . . . . . . . . . . . . 71 6.3.5 nCipher netHSM . . . . . . . . . . . . . . . . . . . . . . . . . 72 6.3.6 Prism TSM200 . . . . . . . . . . . . . . . . . . . . . . . . . . 73 6.3.7 Thales RG7000 . . . . . . . . . . . . . . . . . . . . . . . . . . 74 6.3.8 Atalla NSP10000 . . . . . . . . . . . . . . . . . . . . . . . . . 75 6.3.9 Chrysalis-ITS Luna CA3 . . . . . . . . . . . . . . . . . . . . . 76 6.3.10 Visa Security Module . . . . . . . . . . . . . . . . . . . . . . . 77 7 Analysis of Security APIs 78 7.1 Abstractions of Security APIs . . . . . . . . . . . . . . . . . . . . . . 78 7.1.1 Describing API Commands with Protocol Notation . . . . . . 78 7.1.2 Key Typing Systems . . . . . . . . . . . . . . . . . . . . . . . 81 7.1.3 Key Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . 83 7.1.4 Monotonicity and Security APIs . . . . . . . . . . . . . . . . . 84 7.2 The Attacker’s Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . 86 7.2.1 Unauthorised Type-casting . . . . . . . . . . . . . . . . . . . . 86 7.2.2 The Meet-in-the-Middle Attack . . . . . . . . . . . . . . . . . 86 7.2.3 Key Conjuring . . . . . . . . . . . . . . . . . . . . . . . . . . 87 7.2.4 Related Key Attacks . . . . . . . . . . . . . . . . . . . . . . . 88 7.2.5 Poor Key-half Binding . . . . . . . . . . . . . . . . . . . . . . 89 7.2.6 Differential Protocol Analysis . . . . . . . . . . . . . . . . . . 89 7.2.7 Timing Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . 91 7.2.8 Check Value Attacks . . . . . . . . . . . . . . . . . . . . . . . 92 7.3 An Abundance of Attacks . . . . . . . . . . . . . . . . . . . . . . . . 93 9
Page 1 and 2: Understanding Security APIs Michael
Page 3: Dedication To Philip Barnes, who co
Page 6 and 7: Understanding Security APIs Michael
Page 10 and 11: 7.3.1 VSM Compatibles - XOR to Null
Page 12 and 13: Chapter 1 Introduction In today’s
Page 14 and 15: Whatever you intend to get out of t
Page 16 and 17: The aspects of the research relatin
Page 18 and 19: it spawned the development of contr
Page 20 and 21: 2.4 Key Dates Year Events 1960 Deve
Page 22 and 23: ciphertext into a four digit number
Page 24 and 25: service engineer). In order for the
Page 26 and 27: 3.3 Development of the Attack Toolk
Page 28 and 29: This key binding attack effectively
Page 30 and 31: Chapter 4 Applications of Security
Page 32 and 33: Higher-level goals maybe to achieve
Page 34 and 35: VISA. It also permits end-to-end co
Page 36 and 37: There are three sorts of threat to
Page 38 and 39: control - and would typically be is
Page 40 and 41: Secure Computing Base (NGSCB), prev
Page 42 and 43: Chapter 5 The Security API Industry
Page 44 and 45: • Individuals, Customers, Clients
Page 46 and 47: 5.2.2 1990 to 2000 Year Events 1991
Page 48 and 49: 5.3 Summary of HSM Manufacturers 5.
Page 50 and 51: pose crypto platform market, and si
Page 52 and 53: 5.3.8 Baltimore http://www.baltimor
Page 54 and 55: The Trusted Computing Group will li
Page 56 and 57: available, but should be carefully
Page 58 and 59:
Chapter 6 Hardware Security Modules
Page 60 and 61:
an increasing concern as the device
Page 62 and 63:
• Potting is nowadays one of the
Page 64 and 65:
• Light Sensors can be coupled wi
Page 66 and 67:
6.2.1 Tamper-Evidence Hardware Secu
Page 68 and 69:
6.3 HSM Summary This section introd
Page 70 and 71:
6.3.3 nCipher nForce API nCore API
Page 72 and 73:
6.3.5 nCipher netHSM API nCore API
Page 74 and 75:
6.3.7 Thales RG7000 API Proprietary
Page 76 and 77:
6.3.9 Chrysalis-ITS Luna CA3 API PK
Page 78 and 79:
Chapter 7 Analysis of Security APIs
Page 80 and 81:
First Command: Key Part Import User
Page 82 and 83:
achieve the same functionality as o
Page 84 and 85:
Figure 7.5 shows a common key manag
Page 86 and 87:
7.2 The Attacker’s Toolkit This s
Page 88 and 89:
early HSMs actually used this techn
Page 90 and 91:
PIN numbers are often stored in enc
Page 92 and 93:
operating systems. Naively implemen
Page 94 and 95:
The supervisor key switch is turned
Page 96 and 97:
7.3.4 4758 CCA - Key Import Attack
Page 98 and 99:
7.3.6 4758 CCA - 3DES Key Binding A
Page 100 and 101:
Bank Home Bank Home Bank Home Test
Page 102 and 103:
the number of operations the HSM wo
Page 104 and 105:
Implementation Overview The DES cra
Page 106 and 107:
7.3.8 4758 CCA - Weak Key Timing At
Page 108 and 109:
which is a many-to-one mapping betw
Page 110 and 111:
Digits Possibilities A AAAA(1) AB A
Page 112 and 113:
No # Poss. pins Decimalisation tabl
Page 114 and 115:
tables in a generic way will be har
Page 116 and 117:
Security Officer 1 -> HSM : SM?IK 8
Page 118 and 119:
in. Consider the example below, whi
Page 120 and 121:
Indeed it now seems that many conve
Page 122 and 123:
• Search Tools - such as PROLOG -
Page 124 and 125:
\% these are the commands provided
Page 126 and 127:
--------------------------SPASS-STA
Page 128 and 129:
Problem Specification The API is sp
Page 130 and 131:
UI Decisions Figure 7.23: The MIMse
Page 132 and 133:
Figure 7.25: The MIMsearch ‘Watch
Page 134 and 135:
2. If the Security API prevents cer
Page 136 and 137:
it can be enabled and disabled, the
Page 138 and 139:
• When the host machine sends dat
Page 140 and 141:
8.2.5 Legacy Issues • Isolate you
Page 142 and 143:
The Visa Security Module had a seri
Page 144 and 145:
Class I Passive tokens, which prese
Page 146 and 147:
Smartcards Figure 8.2: Chrysalis Lu
Page 148 and 149:
link to the authorisation process f
Page 150 and 151:
To minimise the risk of breach, eac
Page 152 and 153:
When no privileged operations are r
Page 154 and 155:
8.4.3 How Many Security Officers ar
Page 156 and 157:
Chapter 9 The Future of Security AP
Page 158 and 159:
e unable to assure themselves that
Page 160 and 161:
9.4 The Bottom Line Whilst it is ex
Page 162 and 163:
10.1 Roles and Responsibilities Sec
Page 164 and 165:
Chapter 11 Glossary 4753 IBM Crypto
Page 166 and 167:
PKCS#11 Public Key Cryptography Sta
Page 168 and 169:
[14] J. Clulow, “On the Security
Page 170:
[53] http://www.cl.cam.ac.uk/~rnc1/
show all

Understanding Security APIs - CrySyS Lab

Create successful ePaper yourself

Delete template?

Save as template?