Type-Based Analysis of PIN Processing APIs

We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamper-resistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends that of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and nonrandomized encryptions, and show our new API to be type-checkable.
