| Public key cryptography standards (PKCS)#11defines an API for applications and cryptographic devices such as USB key tokens, Hardware Security Modules (HSMs), and smartcards that has been widely adopted in industry. PKCS#11allows the application program interface that connects with the outside and encryption devices to interact with. The application program can use the key in the encryption device for encryption and key management functions. PKCS#11designs the interface even if it contacts with the malicious programs or applications without security and the sensitive keys stored on the device don’t export in the plain text. However, the application program gives rise to a number of serious security vulnerabilities in practical, for example, the attacker uses the interface operations to attack the sensitive keys stored on the device.Clulow revealed the existence of such attacks on PKCS#11in2003. Since then, many efforts have been made to formally analyze APIs using model checkers, theorem provers and so on, but none of these models account for mutable global state. Stephanie Delaune sets up their own DKS formal analysis model based on the mutable global state and sensitive key protection for in-depth point, and analyzes the attacks of PKCS#11, proposes the key protection mechanism.This paper uses the key management operations as the main target and extends the DKS model. Modeling the PKCS#11key management interface and using the NuSMV formal detection tool to detect the presence of the attack path and way automatically, this paper analyzes the security of key management and a variety of situations that the attackers get the sensitive keys. It also solves the problems that a large number of keys and complex attributes lead to low detection efficiency and imperfect security threat detection, and verifies the security configuration of the sensitive keys that already exit and presenting corresponding perfect mechanism. In some point, this paper improves the security of sensitive key in PKCS#11. |
PDF Full Text Request