Most developers use cryptography via an application programming interface (API), either to a software library or to a hardware device in which keys are stored and all cryptographic operations take place. Designing such interfaces so that they offer flexible functionality but cannot be abused to reveal keys or other secrets has proved extremely difficult: a number of vulnerabilities in widely used crypto APIs have been published over the last decade.
This lecture will focus on the example of RSA PKCS#11, the most widely used interface for cryptographic devices, but will use it to develop principles and concepts that apply to most crypto APIs. We will demonstrate a tool, Tookan, which reverse engineers the particular PKCS#11 configuration in use on a device under test, constructs a model of the device's functionality, and calls a model checker to search for attacks. If an attack is found, it can be executed automatically against the device. We will also look at attacks on the implementation of the cryptography itself.
This lecture follows naturally from the general introduction to security APIs, but is self-contained and does not depend on it.
Learning objectives
basic design of cryptographic APIs
logical flaws in key management
cryptographic flaws in implementations
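To make the "logical flaws in key management" objective and the model-and-search approach above concrete, here is an added example (not Tookan, and not code from the lecture): a toy symbolic model of a few PKCS#11 calls and a breadth-first search for a call sequence that leaks a sensitive key to the caller. The two-key configuration, the handle names h1 and h2 and the attribute subset are constructed for illustration; the sequence the search finds on the first configuration is Clulow's well-known wrap-then-decrypt attack on PKCS#11.

```python
"""Toy symbolic model of a PKCS#11 key-management subset, plus a bounded search
for API call sequences that hand a sensitive key to the caller.

Added example, not Tookan's code and not from the lecture: Tookan reverse
engineers the device's real configuration and hands a model to a model
checker; this script hand-codes a constructed two-key configuration and does a
brute-force breadth-first search in Python instead."""
from collections import deque
from itertools import product

# Symbolic terms: ('key', name) is a key value, ('enc', k, m) is m encrypted under k.
def key(name):
    return ('key', name)

def enc(k, m):
    return ('enc', k, m)

def show(t):
    """Pretty-print a term: k1, or {k1}_k2 for k1 wrapped under k2."""
    return t[1] if t[0] == 'key' else '{%s}_%s' % (show(t[2]), show(t[1]))

class Device:
    """Handle table of a token. Attribute names mirror the PKCS#11 booleans
    CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_WRAP and CKA_DECRYPT; a missing
    attribute counts as FALSE."""

    def __init__(self, handles):
        self.handles = handles  # {handle: (key_term, {attr: bool})}

    def wrap(self, hw, ht):
        """C_WrapKey: the target key encrypted under the wrapping key."""
        kw, aw = self.handles[hw]
        kt, at = self.handles[ht]
        if aw.get('wrap') and at.get('extractable'):
            return enc(kw, kt)
        return None

    def decrypt(self, h, c):
        """C_Decrypt: the plaintext, if the handle's key is the one c was made with."""
        k, a = self.handles[h]
        if a.get('decrypt') and c[0] == 'enc' and c[1] == k:
            return c[2]
        return None

    def get_value(self, h):
        """C_GetAttributeValue(CKA_VALUE): the key bytes unless CKA_SENSITIVE."""
        k, a = self.handles[h]
        return None if a.get('sensitive') else k

def find_attack(dev, target, max_depth=4):
    """Breadth-first search over call sequences. The state is what the caller
    knows (a frozenset of terms); device state is fixed in this toy model.
    Returns the shortest call list that leaks the target key, or None if
    nothing leaks within max_depth calls."""
    goal = dev.handles[target][0]
    hs = list(dev.handles)
    start = frozenset()
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        known, trace = queue.popleft()
        if goal in known:
            return trace
        if len(trace) >= max_depth:
            continue
        moves = [('C_GetAttributeValue(%s)' % h, dev.get_value(h)) for h in hs]
        moves += [('C_WrapKey(%s, %s)' % (hw, ht), dev.wrap(hw, ht))
                  for hw, ht in product(hs, hs)]
        cts = sorted((t for t in known if t[0] == 'enc'), key=show)
        moves += [('C_Decrypt(%s, %s)' % (h, show(c)), dev.decrypt(h, c))
                  for h, c in product(hs, cts)]
        for call, result in moves:
            if result is None or result in known:
                continue
            nxt = known | {result}
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [call]))
    return None

# Constructed configuration: k1 is the secret we care about (sensitive, so its
# value cannot be read, but extractable, so it may be wrapped). k2 may both
# wrap keys and decrypt data: the role conflict behind Clulow's 2003
# wrap-then-decrypt attack on PKCS#11.
VULNERABLE = Device({
    'h1': (key('k1'), {'sensitive': True, 'extractable': True}),
    'h2': (key('k2'), {'sensitive': True, 'wrap': True, 'decrypt': True}),
})

# The same token with CKA_WRAP and CKA_DECRYPT made mutually exclusive on h2.
HARDENED = Device({
    'h1': (key('k1'), {'sensitive': True, 'extractable': True}),
    'h2': (key('k2'), {'sensitive': True, 'wrap': True, 'decrypt': False}),
})

if __name__ == '__main__':
    print(find_attack(VULNERABLE, 'h1'))  # ['C_WrapKey(h2, h1)', 'C_Decrypt(h2, {k1}_k2)']
    print(find_attack(HARDENED, 'h1'))    # None
```

Run with python3: the first configuration yields the two-call sequence C_WrapKey(h2, h1) followed by C_Decrypt(h2, {k1}_k2), which returns k1 in the clear even though h1 is marked sensitive; the second yields None within the depth bound. Tookan's model covers far more of the API than this toy, in particular C_UnwrapKey with attacker-chosen attributes and changing attributes after a key has been created, which is why a fix that merely sets CKA_DECRYPT to FALSE at creation time is not enough on a real device: the device must also refuse to set conflicting attributes later.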
The lecture was delivered at SecAppDev 2013 in Leuven, Belgium, by Graham Steel.
Graham Steel holds a master's degree in mathematics from the University of Cambridge and a PhD in informatics from the University of Edinburgh. He is currently a researcher at INRIA, the French national research institute for computer science, where he is part of the Prosecco project team based in central Paris.
Steel's main research interests are in formal analysis of information security and applied cryptography. His current work on cryptographic API verification involves using formal techniques to construct and analyse abstract models of cryptographic device interfaces. In addition to international conference and journal publications, his recent results have featured in Wired magazine and the New York Times.
He has taught courses on security APIs at Tsinghua University (Beijing) and the University of Venice (Italy) as well as organising a Dagstuhl seminar on the subject.