Cryptology ePrint Archive: Report 2013/237
Type-Based Analysis of Generic Key Management APIs (Long Version)
Pedro Adão and Riccardo Focardi and Flaminia L. Luccio
Abstract: In the past few years, cryptographic key management APIs have been shown to be subject to tricky attacks based on the improper use of cryptographic keys.
In fact, real APIs provide mechanisms to declare the intended use of keys but they are not strong enough to provide key security.
In this paper, we propose a simple imperative programming language for specifying strongly-typed APIs for the management of symmetric,
asymmetric and signing keys. The language requires that type information is stored together with the key but it is independent of the actual
low-level implementation. We develop a type-based analysis to prove the preservation of integrity and confidentiality of sensitive keys and
we show that our abstraction is expressive enough to code realistic key management APIs.
Category / Keywords: foundations / Key-Management APIs, Secure Hardware, Type-based Analysis, PKCS#11
Publication Info: Full Version of CSF2013
Date: received 24 Apr 2013, last revised 1 May 2013
Contact author: pedro adao at ist utl pt
Available format(s): PDF | BibTeX Citation
Version: 20130501:181051 (All versions of this report)
Short URL: ia.cr/2013/237
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]