You are looking at a specific version 20150129:121315 of this paper. See the latest version.

Paper 2015/063

CamlCrush: A PKCS\#11 Filtering Proxy

R. Benadjila and T. Calderon and M. Daubignard

Abstract

PKCS\#11 is a very popular cryptographic API: it is the standard used by many Hardware Security Modules, smartcards and software cryptographic tokens. Several attacks have been uncovered against PKCS\#11 at different levels: intrinsic logical flaws, cryptographic vulnerabilities or severe compliance issues. Since affected hardware remains widespread in computer infrastructures, we propose a user-centric and pragmatic approach for secure usage of vulnerable devices. We introduce \textit{Caml Crush}, a PKCS\#11 filtering proxy. Our solution allows to dynamically protect PKCS\#11 cryptographic tokens from state of the art attacks. This is the first approach that is immediately applicable to commercially available products. We provide a fully functional open source implementation with an extensible filter engine effectively shielding critical resources. This yields additional advantages to using \textit{Caml Crush} that go beyond classical PKCS\#11 weakness mitigations.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Major revision. CARDIS 2014 - Proceedings. Smart Card Research and Advanced Application Conference.
Keywords
PKCS\#11security APIOCamlproxyfiltersoftware
Contact author(s)
marion daubignard @ ssi gouv fr
History
2015-01-29: received
Short URL
https://ia.cr/2015/063
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.