On the Security of PKCS#11

Public Key Cryptography Standards (PKCS) #11 has gained wide acceptance within the cryptographic security device community and has become the interface of choice for many applications. The high esteem in which PKCS #11 is held is evidenced by the fact that it has been selected by a large number of companies as the API for their own devices. In this paper we analyse the security of the PKCS #11 standard as an interface (e.g. an application-programming interface (API)) for a security device. We show that PKCS #11 is vulnerable to a number of known and new API attacks and exhibits a number of design weaknesses that raise questions as to its suitability for this role. Finally we present some design solutions.

[1]  Eli Biham,et al.  New types of cryptanalytic attacks using related keys , 1994, Journal of Cryptology.

[2]  Tor Helleseth,et al.  Advances in Cryptology — EUROCRYPT ’93 , 2001, Lecture Notes in Computer Science.

[3]  Mike Bond,et al.  Experience Using a Low-Cost FPGA Design to Crack DES Keys , 2002, CHES.

[4]  Marc Joye,et al.  Chinese Remaindering Based Cryptosystems in the Presence of Faults , 1999, Journal of Cryptology.

[5]  Mike Bond,et al.  API-Level Attacks on Embedded Systems , 2001, Computer.

[6]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[7]  Vlastimil Klíma,et al.  Further Results and Considerations on Side Channel Attacks on RSA , 2002, CHES.

[8]  Yvo Desmedt,et al.  Several Exhaustive Key Search Machines and DES , 1986, International Conference on the Theory and Application of Cryptographic Techniques.

[9]  John Gilmore,et al.  Cracking DES - secrets of encryption research, wiretap politics and chip design: how federal agencies subvert privacy , 1998 .

[10]  Jolyon Clulow,et al.  The Design and Analysis of Cryptographic Application Programming Interfaces for Security Devices , 2003 .

[11]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[12]  Bruce Schneier,et al.  Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES , 1996, CRYPTO.

[13]  Vlastimil Klíma,et al.  Attack on Private Signature Keys of the OpenPGP Format, PGP(TM) Programs and Other Applications Compatible with OpenPGP , 2002, IACR Cryptol. ePrint Arch..

[14]  Robert H. Deng,et al.  Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults , 1997, Security Protocols Workshop.

[15]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[16]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[17]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[18]  Mike Bond Attacks on Cryptoprocessor Transaction Sets , 2001, CHES.

[19]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.