A Modular Treatment of Cryptographic APIs: The Symmetric-Key Case
  • Journal title: Lecture Notes in Computer Science
  • Publication year: 2016
  • Volume: 9814
  • Issue: 1
  • Pages: 277-307
  • Full-text size: 1,058 KB
  • Author affiliations: Thomas Shrimpton (15)
    Martijn Stam (16)
    Bogdan Warinschi (16)

    15. University of Florida, Gainesville, USA
    16. University of Bristol, Bristol, UK
  • Book series title: Advances in Cryptology – CRYPTO 2016
  • ISBN:978-3-662-53018-4
  • Publication category: Computer Science
  • Publication subjects: Artificial Intelligence and Robotics
    Computer Communication Networks
    Software Engineering
    Data Encryption
    Database Management
    Computation by Abstract Devices
    Algorithm Analysis and Problem Complexity
  • Publisher: Springer Berlin / Heidelberg
  • ISSN:1611-3349
  • Volume order: 9814
Abstract
Application Programming Interfaces (APIs) to cryptographic tokens like smartcards and Hardware Security Modules (HSMs) provide users with commands to manage and use cryptographic keys stored on trusted hardware. Their design is mainly guided by industrial standards with only informal security promises.
