Formal Analysis of Key Integrity in PKCS#11

PKCS#11 is a standard API to cryptographic devices such as smarcards, hardware security modules and usb crypto-tokens. Though widely adopted, this API has been shown to be prone to attacks in which a malicious user gains access to the sensitive keys stored in the devices. In 2008, Delaune, Kremer and Steel proposed a model to formally reason on this kind of attacks. We extend this model to also describe flaws that are based on integrity violations of the stored keys. In particular, we consider scenarios in which a malicious overwriting of keys might fool honest users into using attacker’s own keys, while performing sensitive operations. We further enrich the model with a trusted key mechanism ensuring that only controlled, non-tampered keys are used in cryptographic operations, and we show how this modified API prevents the above mentioned key-replacement attacks

DNA damage induced during mitosis undergoes DNA repair synthesis.

Understanding the mitotic DNA damage response (DDR) is critical to our comprehension of cancer, premature aging and developmental disorders which are marked by DNA repair deficiencies. In this study we use a micro-focused laser to induce DNA damage in selected mitotic chromosomes to study the subsequent repair response. Our findings demonstrate that (1) mitotic cells are capable of DNA repair as evidenced by DNA synthesis at damage sites, (2) Repair is attenuated when DNA-PKcs and ATM are simultaneously compromised, (3) Laser damage may permit the observation of previously undetected DDR proteins when damage is elicited by other methods in mitosis, and (4) Twenty five percent of mitotic DNA-damaged cells undergo a subsequent mitosis. Together these findings suggest that mitotic DDR is more complex than previously thought and may involve factors from multiple repair pathways that are better understood in interphase

Automated analysis of security protocols with global state

Security APIs, key servers and protocols that need to keep the status of transactions, require to maintain a global, non-monotonic state, e.g., in the form of a database or register. However, most existing automated verification tools do not support the analysis of such stateful security protocols - sometimes because of fundamental reasons, such as the encoding of the protocol as Horn clauses, which are inherently monotonic. A notable exception is the recent tamarin prover which allows specifying protocols as multiset rewrite (msr) rules, a formalism expressive enough to encode state. As multiset rewriting is a "low-level" specification language with no direct support for concurrent message passing, encoding protocols correctly is a difficult and error-prone process. We propose a process calculus which is a variant of the applied pi calculus with constructs for manipulation of a global state by processes running in parallel. We show that this language can be translated to msr rules whilst preserving all security properties expressible in a dedicated first-order logic for security properties. The translation has been implemented in a prototype tool which uses the tamarin prover as a backend. We apply the tool to several case studies among which a simplified fragment of PKCS\#11, the Yubikey security token, and an optimistic contract signing protocol

Non-Repudiation in Internet Telephony

We present a concept to achieve non-repudiation for natural language conversations over the Internet. The method rests on chained electronic signatures applied to pieces of packet-based, digital, voice communication. It establishes the integrity and authenticity of the bidirectional data stream and its temporal sequence and thus the security context of a conversation. The concept is close to the protocols for Voice over the Internet (VoIP), provides a high level of inherent security, and extends naturally to multilateral non-repudiation, e.g., for conferences. Signatures over conversations can become true declarations of will in analogy to electronically signed, digital documents. This enables binding verbal contracts, in principle between unacquainted speakers, and in particular without witnesses. A reference implementation of a secure VoIP archive is exhibited.Comment: Accepted full research paper at IFIP sec2007, Sandton, South Africa, 14-16 May 200

Formal analysis of some secure procedures for certificate delivery

The paper describes and formally analyzes two communication protocols to manage the secure emission of digital certificates. The formal analysis is carried out by means of a software tool for the automatic erification of cryptographic protocols with finite behaviour. The tool is able to discover, at a conceptual level, attacks against security procedures. The methodology is general enough to be applied to several kinds of cryptographic procedures and protocols. It is opinion of the authors that this survey contributes towards a better understanding of the structure and aims of a protocol, both for developers, analyzers and final users

Analysis of Key Wrapping APIs:Generic Policies, Computational Security

International audienceWe present an analysis of key wrapping APIs with generic policies. We prove that certain minimal conditions on policies are sufficient for keys to be indistinguishable from random in any execution of an API. Our result captures a large class of API policies, including both the hierarchies on keys that are common in the scientific literature and the non-linear dependencies on keys used in PKCS#11. Indeed, we use our result to propose a secure refinement of PKCS#11, assuming that the attributes of keys are transmitted as authenticated associated data when wrapping and that there is an enforced separation between keys used for wrapping and keys used for other cryptographic purposes. We use the Computationally Complete Symbolic Attacker developed by Bana and Comon. This model enables us to obtain computational guarantees using a simple proof with a high degree of modularity