Research And Implementation Of PKCS#11Test Platform

Posted on:2015-03-16

Degree:Master

Type:Thesis

Country:China

Candidate:W Z Tang

Full Text:PDF

GTID:2268330425976155

Subject:Information security

Abstract/Summary:

PDF Full Text Request

PKCS#11(Public key cryptography standards) defines an API for cryptographic devices,called "Cryptoki".The standard has been widely used in industry. If the Cryptoki libraries and cryptographic devices of manufacturers’does not meet the PKCS#11standard,its compatibility wouldn’t be guaranteed, and then interoperability would be reduced. Eventually, it would bring great inconvenience to the users.Based on the PKCS#11standard analysis and research, we propose and design a test system to test the "Cryptoki" library, whether it accords with PKCS#11. At the same time, we also propose the security test of PKCS#11. The test system includes the protocol conformance test and performance test. Protocol conformance test tests wether the interface function and algorithm of the "Cryptoki" library conform to the PKCS#11. About protocol conformance test, we designs the basic function test, abnormal function test, composite test and attributes constraint test, based on CppUnit framework, which makes the test range more extensive and comprehensive. Performance test mainly tests the execute time of the encryption algorithm function and provides the reliable foundation for the estimating of algorithmic execution efficiency. Security test tests the design flaws whether the PKCS#11sets conflicting attribute, which causes the problem that the enemy gets the sensitive key. We model the PKCS#11key management functions based on the Stephanie’s DKS model, use the SATMC formal detection tool to detect the attack path automatically, and analyze the security of the command funcition. We verify the attack path which already exists in the current study by analysising the test results of SATMC tool, and find a new couple of conflict attributes, then put forward a mechanism to improve the standard.The test system of PKCS#11designed in this paper is more complete and it could be the reference in "Cryptoki" library test. At the same time, the security policy provided by this paper, is worthy of reference for manufacturers to create a more secure "Cryptoki" library and cryptographic device.

Keywords/Search Tags:

PKCS#11, Cryptoki, CppUnit, conformance testing, key management, DKS model, SATMC, formal detection

PDF Full Text Request

Related items

1	Pkcs # 11 Conformance Test System Research And Realization
2	The Research On Key Management Of PKCS#11
3	Routing Protocol Conformance Testing
4	Digitol Mobile Raido Equipment RF Conformance Testing System Research And Design
5	800/900MHz Frequency Band Radio Frequency Identification Equipment RF Conformance Testing System Research And Design
6	Design Of Data Security Management Architecture Based On PKCS#11 And Research Of Its Key Technology
7	Research On Formal Verification Technology For Cryptographic Module's APIs
8	Design And Implementation Of Cryptographic Token Interface System Based On Suite-B
9	Research On Formal Modeling And Conformance Verification Of Web Service
10	Based On Fault Model Protocol Conformance Testing Method And System For Linux