CryptokiX: a cryptographic software token with security fixes
Size: px
Start display at page:

Download "CryptokiX: a cryptographic software token with security fixes"

Transcription

1 Tookan tool for cryptoki analysis CryptokiX: a cryptographic software token with security fixes Riccardo Focardi Università Ca' Foscari, Venezia joint work with M. Bortolozzo, M. Centenaro and G. Steel 4th International Workshop on Analysis of Security APIs (ASA-4) July 21, 2010, Edinburgh Work partially supported by MIUR project SOFT Security Oriented Formal Techniques

2 PKCS#11 PIN should protect sensitive objects even on a compromised hosts (PIN can be easily intercepted )

3 PKCS#11 Objects Objects are referenced via handles sensitive: true encrypt: true decrypt: true Every object has attributes Encrypt some data under the orange key

4 PKCS#11 Key Management Create a new key inside the token Export a key encrypted under another key (WrapKey) { } sensitive: true encrypt: true decrypt: true { } Import a previously exported key (UnwrapKey)

5 A well known attack This class of attacks can be prevented by imposing policies on the attributes (no need of new crypto mechanisms!) sensitive: true wrap: true decrypt: true Wrap the green key with the red one { } { } sensitive: true Decrypt it with the orange key

6 Attribute Policies Sticky Tokens might implement the standard in different ways Which policies do they implement? How do they protect from key-separation attacks? Once an attribute is set (unset), it may not be unset (set). Read-only attributes can be thought as both sticky on and off. Conflicting Pairs of attributes that cannot be simultaneously set. (Not in the PKCS#11 documentation) Tied Attributes whose value is tied (changing one also changes the other)

7 Modeling Real Tokens Templates ::= generatetemplates(templatelist); create_templates(templatelist); unwrap_templates(templatelist); PKCS11_CONFIG::= TemplateList ::= nil (Template),TemplateList Template ::= nil (Attribute, BOOL), Template sticky_on(attributelist) sticky_off(attributelist) conflict(attributepairlist) tied(attributepairlist) sensitive_prevents_read(bool); unextractable_prev_read(bool); Attribute_Restrictions Templates Flags 3 4 SATMC Tookan Device 2 1

8 Analysing opencryptoki sticky_on_asymmetric('sensitive'); sticky_off_asymmetric('extract'); sticky_on_symmetric('sensitive', 'never_extract'); sticky_off_symmetric('extract', 'never_extract'); conflict_symmetric(); conflict_asymmetric(); There There are are no no conflicting conflicting attributes attributes No No clever clever sticky sticky policies policies tied_symmetric('sensitive,always_sensitive', 'extract,never_extract'); tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract'); sensitive_prevents_read(true); unextractable_prevents_read(true);

9 Attacking opencryptoki (1/3) Wrap and Decrypt (conflict) h_mykey = GenerateKey({decrypt => true, wrap => true}); wrapped = WrapKey(h_myKey, h_sensitivekey); thesensitivekey = Decrypt(h_myKey, wrapped); print ("oops: " + thesensitivekey); $ wrap_and_decrypt_conflict Generating mykey {decrypt =>; true, wrap => true} Wrapping sensitivekey with mykey Decrypting the wrapped key using mykey oops: 50891f2f7a487bc3

10 Attacking opencryptoki (2/3) Wrap and Decrypt (sticky) h_mykey = GenerateKey(h_myKey, {decrypt => false, wrap => true}); wrapped = WrapKey(h_myKey, h_sensitivekey); SetAttributes(h_mykey, {wrap => false, decrypt => true}); sensitivekey = Decrypt(h_myKey, wrapped); print ("oops: " + sensitivekey); $ wrap_and_decrypt_sticky Generating mykey {decrypt => false, wrap => true} Wrapping sensitivekey with mykey Changing mykey to {wrap => false, decrypt => true} Decrypting the wrapped key using mykey oops: 50891f2f7a487bc3

11 Attacking opencryptoki (3/3) Wrap and Decrypt (key aliases ) wrapped=403aldb4f345fdc0 $ wrapping_format // whatever bytestream h_mykey = GenerateKey(h_myKey, {unwrap => true}); h_deckey=unwrapkey(h_mykey, wrapped, {decrypt => true, wrap => false}); h_wrapkey=unwrapkey(h_mykey, wrapped, {decrypt => false, wrap => true}); wrapped=wrapkey(h_wrapkey, h_sensitivekey); sensitivekey=decrypt(h_deckey, wrapped); print ("oops: " + sensitivekey); Generating unwrapkey {unwrap => true} Unwrap wrapped as deckey {decrypt => true, wrap => false} Unwrap wrapped as wrapkey {decrypt => false, wrap => true} Wrapping sensitivekey under wrapkey Decrypting the wrapped key using deckey oops: 50891f2f7a487bc3

12 CryptokiX CryptokiX is a fixed software token based on opencryptoki Its security is configurable by selectively enabling different patches Available at

13 CryptokiX Conflicts Users can specify conflicting attributes sticky_on_asymmetric('sensitive'); sticky_off_asymmetric('extract'); sticky_on_symmetric('sensitive', 'never_extract'); sticky_off_symmetric('extract', 'never_extract'); conflict_symmetric('wrap,decrypt', 'unwrap,encrypt'); conflict_asymmetric(); tied_symmetric('sensitive,always_sensitive', 'extract,never_extract'); tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract'); sensitive_prevents_read(true); unextractable_prevents_read(true);

14 CryptokiX Conflicts Users can specify conflicting attributes sticky_on_asymmetric('sensitive'); $ wrap_and_decrypt_conflict sticky_off_asymmetric('extract'); sticky_on_symmetric('sensitive', Generating mykey {decrypt => true, 'never_extract'); wrap => true} sticky_off_symmetric('extract', ERROR swtok common/key.c:1308 Conflicting 'never_extract'); attributes detected ERROR swtok common/new_host.c:3922 Key Generation failed conflict_symmetric('wrap,decrypt', wrap_and_decrypt_conflict.c:70 C_GenerateKey 'unwrap,encrypt'); () exited with error conflict_asymmetric(); $ wrap_and_decrypt_sticky tied_symmetric('sensitive,always_sensitive', 'extract,never_extract'); tied_asymmetric('sensitive,always_sensitive', Generating mykey {decrypt => false, wrap => true} 'extract,never_extract'); Wrapping sensitivekey with mykey sensitive_prevents_read(true); Changing mykey to {wrap => false, decrypt => true} unextractable_prevents_read(true); Decrypting the wrapped key using mykey oops: 50891f2f7a487bc3

15 CryptokiX Sticky Users can specify sticky attributes sticky_on_asymmetric('sensitive'); sticky_off_asymmetric('extract'); sticky_on_symmetric('sensitive', 'never_extract', 'wrap', 'unwrap', 'encrypt', 'decrypt'); sticky_off_symmetric('extract', 'never_extract'); conflict_symmetric(); conflict_asymmetric(); tied_symmetric('sensitive,always_sensitive', 'extract,never_extract'); tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract'); sensitive_prevents_read(true); unextractable_prevents_read(true);

16 CryptokiX Sticky $ wrap_and_decrypt_sticky Users can specify sticky attributes Generating mykey {decrypt => false, wrap => true} Wrapping sensitivekey with mykey sticky_on_asymmetric('sensitive'); Changing mykey to {wrap => false, decrypt => true} sticky_off_asymmetric('extract'); ERROR swtok common/key.c:1398 Attempt to modify a sticky attribute sticky_on_symmetric('sensitive', 'never_extract', 'wrap', 'unwrap', detected 'encrypt', 'decrypt'); ERROR swtok ommon/new_host.c:2083 Object Set Attribute Values Failed sticky_off_symmetric('extract', 'never_extract'); wrap_and_decrypt_sticky.c:80 C_SetAttributes () exited with error conflict_symmetric(); $ wrapping_format conflict_asymmetric(); Generating unwrapkey {unwrap => true} tied_symmetric('sensitive,always_sensitive', Unwrap wrapped as deckey {decrypt => true, wrap 'extract,never_extract'); => false} tied_asymmetric('sensitive,always_sensitive', Unwrap wrapped wrapkey {decrypt => false, wrap 'extract,never_extract'); => true} Wrapping sensitivekey under wrapkey sensitive_prevents_read(true); Decrypting the wrapped key using deckey unextractable_prevents_read(true); oops: 50891f2f7a487bc3

17 CryptokiX Wrapping format keep track of key template when wrapping it check that it corresponds when unwrapping Encode sensitive, always_sensitive, wrap, unwrap, encrypt and decrypt attributes in one byte Compute a CBC-MAC of the standard WrapKey result and the encoded attributes $ wrapping_format Generating unwrapkey {unwrap => true} Unwrap wrapped as deckey {decrypt => true,wrap => false} ERROR swtok common/key_mgr.c:1440 Template Inconsistent ERROR swtok common/new_host.c:4170 Unwrap Key Failed wrapping_format.c:72 C_UnwrapKey () exited with error

18 CryptokiX Secure templates NEW limit the set of admissible assignments for key attributes configurable for each PKCS#11 command generate, unwrap, create first secure configuration of PKCS#11 that does not require new cryptographic mechanisms

19 CryptokiX Secure templates Key generation Key encrypting keys (wrap and unwrap set) Data key (encrypt and decrypt set) Imported keys unwrap,encrypt set and wrap,decrypt unset

20 CryptokiX Secure templates Unwrap: true Encrypt: true Encrypted communication Unwrap: true Encrypt: true { } { } Encrypt: true Decrypt: true Encrypt: true Decrypt: true

21 CryptokiX Secure templates Encrypted communication {this is a secret} {I'll tell no one}

22 CryptokiX A secure, fully fledge token can be realized in practice Useful for educational purposes Open-source Patches can be examined Fixes can be extended by anyone Future work Make it configurable at run-time Implement more fixes

23 References [1] CryptokiX. [2] opencryptoki. [3] M. Bortolozzo, M. Centenaro, R. Focardi, and G. Steel. Attacking and Fixing PKCS#11 Security Tokens. To appear at ACM CCS, October 2010 [4] J. Clulow. On the security of PKCS#11. In CHES 2003 [5] S. Delaune, S. Kremer, and G. Steel. Formal analysis of PKCS#11. In IEEE CSF 08 [6] RSA Security Inc., v2.20. PKCS #11: Cryptographic Token Interface Standard., June 2004.

24 Thank you! (contact me if you want to see a demo offline)

Similar documents

Formal Analysis of Key Management APIs

Formal Analysis of Key Management APIs Formal Analysis of Key Management APIs Graham Steel with Matteo Bortolozzo, Matteo Centenaro, Riccardo Focardi INRIA & LSV, ENS de Cachan and Università Ca Foscari, Venezia Cryptographic key management

More information

Attacking and Fixing PKCS#11 Security Tokens

Attacking and Fixing PKCS#11 Security Tokens Attacking and Fixing PKCS#11 Security Tokens ABSTRACT Matteo Bortolozzo Università Ca Foscari Venezia, Italy mbortolo@dsi.unive.it Riccardo Focardi Università Ca Foscari Venezia, Italy focardi@dsi.unive.it

More information

Secure your PKCS#11 token against API attacks!

Secure your PKCS#11 token against API attacks! M. Bortolozzo, G. Marchetto, R. Focardi Università di Venezia, Italy focardi@dsi.unive.it G. Steel LSV, CNRS & ENS de Cachan, France graham.steel@lsv.ens-cachan.fr Abstract PKCS#11 defines a widely adopted

More information

Analysing Cryptographic Hardware Interfaces with Tookan

Analysing Cryptographic Hardware Interfaces with Tookan Analysing Cryptographic Hardware Interfaces with Tookan Graham Steel joint work with R. Bardou, M. Bortolozzo, M. Centenaro, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay Graham Steel September 23,

More information

Analysis of Cryptographic APIs

Analysis of Cryptographic APIs Analysis of Cryptographic APIs Graham Steel LSV, INRIA & CNRS & ENS-Cachan Cryptography in Practice v1 PM talks to client to understand security goals and threats 1/28 Cryptography in Practice v1 Engineer

More information

Concepts and Proofs for Configuring PKCS#11

Concepts and Proofs for Configuring PKCS#11 Concepts and Proofs for Configuring PKCS#11 Sibylle Fröschle 1 Nils Sommer 2 1 University of Oldenburg Germany 2 MWR InfoSecurity UK September 15, 2011 1 / 31 Public Key Cryptographic Standard (PKCS) #11

More information

Cryptographic Key Management APIs. Graham Steel

Cryptographic Key Management APIs. Graham Steel Cryptographic Key Management APIs Graham Steel Graham Steel 5 March 2013 In this Lecture What is a Cryptographic Security API? RSA PKCS#11 (Cryptoki) Vulnerabilities and mitigations Formal Analysis Other

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2

More information

Secret-in.me. A pentester design of password secret manager

Secret-in.me. A pentester design of password secret manager Secret-in.me A pentester design of password secret manager Who am I? Security engineer Working at SCRT France! Password manager Password A string Secret Information shared by very few people You have to

More information

Access Control in KMIPv1.1

Access Control in KMIPv1.1 Robert Haas, Marko Vukolic (IBM) 7 April 2010 Access Control in KMIPv1.1 Summary of Changes Changes wrt. the last set of slides in red 2 additional role permissions related to creation/registration using

More information

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj Somorovsky Ruhr University Bochum 3curity GmbH juraj.somorovsky@3curity.de About me Security Researcher at: Chair

More information

Security Requirements for Crypto Devices

Security Requirements for Crypto Devices Security Requirements for Crypto Devices Version 1.0 02 May 2018 Controller of Certifying Authorities Ministry of Electronics and Information Technology 1 Document Control Document Name Security Requirements

More information

Encrypt Data (QC3ENCDT, Qc3EncryptData) API

Encrypt Data (QC3ENCDT, Qc3EncryptData) API Page 1 of 16 Encrypt Data (QC3ENCDT, Qc3EncryptData) API Required Parameter Group: 1 Clear data Input Char(*) 2 Length of clear data Input Binary(4) 3 Clear data format name Input Char(8) 4 Algorithm description

More information

A Linux kernel cryptographic framework: Decoupling cryptographic keys from applications [extended version]

A Linux kernel cryptographic framework: Decoupling cryptographic keys from applications [extended version] A Linux kernel cryptographic framework: Decoupling cryptographic keys from applications [extended version] Nikos Mavrogiannopoulos Dept. of Electrical Engineering/COSIC Katholieke Universiteit Leuven Bart

More information

Efficient Padding Oracle Attacks on Cryptographic Hardware

Efficient Padding Oracle Attacks on Cryptographic Hardware Efficient Padding Oracle Attacks on Cryptographic Hardware Romain Bardou, Riccardo Focardi, Yusuke Kawamoto, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay To cite this version: Romain Bardou, Riccardo

More information

PKCS #11: Conformance Profile Specification

PKCS #11: Conformance Profile Specification Table of Contents PKCS #11: Conformance Profile Specification RSA Laboratories October 1, 2000 1 INTRODUCTION... 2 1 REFERENCES AND RELATED DOCUMENTS... 2 2 DEFINITIONS... 3 3 SYMBOLS AND ABBREVIATIONS...

More information

MTAT Applied Cryptography

MTAT Applied Cryptography MTAT.07.017 Applied Cryptography Smart Cards 2 University of Tartu Spring 2014 1 / 20 Security Model Parties involved in smart card based system: Cardholder Data owner Terminal Card issuer Card manufacturer

More information

Entegrity PKCS#11 Workbench. Description

Entegrity PKCS#11 Workbench. Description Entegrity PKCS#11 Workbench Description Version 1.4 9 Oct 2000 Overview The Entegrity PKCS#11 Workbench is a C/C++ program. Source is provided. The workbench has been used in both Wintel and Solaris environments.

More information

FIPS Security Policy UGS Teamcenter Cryptographic Module

FIPS Security Policy UGS Teamcenter Cryptographic Module FIPS 140-2 Security Policy UGS Teamcenter Cryptographic Module UGS Corp 5800 Granite Parkway, Suite 600 Plano, TX 75024 USA May 18, 2007 Version 1.3 containing OpenSSL library source code This product

More information

The SafeNet Security System Version 3 Overview

The SafeNet Security System Version 3 Overview The SafeNet Security System Version 3 Overview Version 3 Overview Abstract This document provides a description of Information Resource Engineering s SafeNet version 3 products. SafeNet version 3 products

More information

Fast SQL blind injections in high latency networks

Fast SQL blind injections in high latency networks Fast SQL blind injections in high latency networks Riccardo Focardi DAIS, Università Ca Foscari Venezia, Italy Email: focardi@dsi.unive.it Flaminia L. Luccio DAIS, Università Ca Foscari Venezia, Italy

More information

NIST Cryptographic Toolkit

NIST Cryptographic Toolkit Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others

More information

Robbing the Bank with a Theorem Prover

Robbing the Bank with a Theorem Prover Robbing the Bank with a Theorem Prover (Transcript of Discussion) Jolyon Clulow Cambridge University So it s a fairly provocative title, how did we get to that? Well automated tools have been successfully

More information

This Security Policy describes how this module complies with the eleven sections of the Standard:

This Security Policy describes how this module complies with the eleven sections of the Standard: Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights

More information

Server-side web security (part 2 - attacks and defences)

Server-side web security (part 2 - attacks and defences) Server-side web security (part 2 - attacks and defences) Security 1 2018-19 Università Ca Foscari Venezia www.dais.unive.it/~focardi secgroup.dais.unive.it Basic injections $query = "SELECT name, lastname,

More information

keyon / PKCS#11 to MS-CAPI Bridge User Guide V2.4

keyon / PKCS#11 to MS-CAPI Bridge User Guide V2.4 / PKCS#11 to MS-CAPI Bridge V2.4 April 2017 Table of Contents Copyright 2017 by AG All rights reserved. No part of the contents of this manual may be reproduced or transmitted in any form or by any means

More information

Lecture 2 Applied Cryptography (Part 2)

Lecture 2 Applied Cryptography (Part 2) Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2

More information

ICSF Update Session #7997

ICSF Update Session #7997 ICSF Update Session #7997 Greg Boyd boydg@us.ibm.com Permission is granted to SHARE to publish this presentation in the SHARE Proceedings. IBM retains its right to distribute copies of this presentation

More information

Cryptographic Concepts

Cryptographic Concepts Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

More information

SSL/TLS. How to send your credit card number securely over the internet

SSL/TLS. How to send your credit card number securely over the internet SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying

More information

FIPS Non-Proprietary Security Policy

FIPS Non-Proprietary Security Policy Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely

More information

Integral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy

Integral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy Integral Memory PLC. Chassis) and Crypto Dual Plus (Underlying FIPS 140-2 Security Policy Table of Contents 1. INTRODUCTION... 1 1.1 Purpose....1 1.2 References... 1 1.3 Document History... 1 2. PRODUCT

More information

Smart card OMNIKEY 6121 Mobile USB Reader integration with Linux

Smart card OMNIKEY 6121 Mobile USB Reader integration with Linux Smart card OMNIKEY 6121 Mobile USB Reader integration with Linux Tested with Ubuntu 10.04 and Linux Mint 9 Isadora 32/64-bit A. Overview. HID Global's OMNIKEY product brand, one of the world's leading

More information

Kerberos5 1. Kerberos V5

Kerberos5 1. Kerberos V5 Kerberos5 1 Kerberos V5 Kerberos5 2 ASN.1 data representation language: data structure (ß definition C struct, union), but variable length-arrays, optional elements, labeling,... data representation on

More information

CoSign Hardware version 7.0 Firmware version 5.2

CoSign Hardware version 7.0 Firmware version 5.2 CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and

More information

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.

Symmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES. Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.

More information

DROWN - Breaking TLS using SSLv2

DROWN - Breaking TLS using SSLv2 DROWN - Breaking TLS using SSLv2 Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,

More information

Security Policy Document Version 3.3. Tropos Networks

Security Policy Document Version 3.3. Tropos Networks Tropos Control Element Management System Security Policy Document Version 3.3 Tropos Networks October 1 st, 2009 Copyright 2009 Tropos Networks. This document may be freely reproduced whole and intact

More information

Seagate Secure TCG Enterprise and TCG Opal SSC Self-Encrypting Drive Common Criteria Configuration Guide

Seagate Secure TCG Enterprise and TCG Opal SSC Self-Encrypting Drive Common Criteria Configuration Guide Seagate Secure TCG Enterprise and TCG Opal SSC Self-Encrypting Drive Common Criteria Configuration Guide Version 1.0 February 14, 2018 Contents Introduction 3 Operational Environment 3 Setup and Configuration

More information

: Practical Cryptographic Systems March 25, Midterm

: Practical Cryptographic Systems March 25, Midterm 650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are

More information

ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1

ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1 ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation April 2012 Copyright 2012 Algorithmic Research This document

More information

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009 Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety

More information

Encrypting and Decrypting using CTR and CBC Modes in C# with BouncyCastle

Encrypting and Decrypting using CTR and CBC Modes in C# with BouncyCastle SE425: Communication and Information Security Recitation 5 Semester 2 5778 16 April 2018 Encrypting and Decrypting using CTR and CBC Modes in C# with BouncyCastle In this week s recitation we ll learn

More information

Verifying Real-World Security Protocols from finding attacks to proving security theorems

Verifying Real-World Security Protocols from finding attacks to proving security theorems Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis

More information

(Otherwise, I wouldn t be talking about our move in this newsletter.)

(Otherwise, I wouldn t be talking about our move in this newsletter.) www.mainframecrypto.com gregboyd@mainframecrypto.com Tel: 240-772-1539 Missing Newsletter? For those of you that were wondering, there wasn t a July issue of the Mainframe Crypto Newsletter. While I had

More information

Overview of Authentication Systems

Overview of Authentication Systems Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/

More information

PKI BLADE Applet and Protiva PIV DL Card Security Policy

PKI BLADE Applet and Protiva PIV DL Card Security Policy PKI BLADE Applet and Protiva PIV DL Card Security Policy TITLE PKI BLADE Applet and Protiva PIV DL Card - Security Policy REF. TBD 0.9 DATE: 26 April, 2011 1 TABLE OF CONTENTS 1 Scope... 5 2 Introduction...

More information

Securing Your Crypto Infrastructure

Securing Your Crypto Infrastructure Unscrambling the Complexity of Crypto! Securing Your Crypto Infrastructure Greg Boyd (gregboyd@mainframecrypto.com) June 2018 Copyrights and Trademarks Copyright 2018 Greg Boyd, Mainframe Crypto, LLC.

More information

Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets

Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets Security Policy for Schlumberger Cyberflex Access 32K Smart Card with ActivCard Applets TABLE OF CONTENTS 1 SCOPE OF DOCUMENT... 1 2 INTRODUCTION... 1 3 SECURITY LEVELS... 1 3.1 CRYPTOGRAPHIC MODULE SPECIFICATION...

More information

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,

More information

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2 Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level

More information

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.3 2014-01-08 Copyright 2014 Oracle Corporation Table

More information

Lecture 18 - Chosen Ciphertext Security

Lecture 18 - Chosen Ciphertext Security Lecture 18 - Chosen Ciphertext Security Boaz Barak November 21, 2005 Public key encryption We now go back to public key encryption. As we saw in the case of private key encryption, CPA security is not

More information

How to use NCryptoki Author: Ugo Chirico Data:

How to use NCryptoki Author: Ugo Chirico Data: How to use NCryptoki Author: Ugo Chirico http://www.ugochirico.com Data: 2010-09-20 Introduction PKCS#11 (Public Key Cryptography Standards No. 11) specifications, developed by RSA Data Security labs,

More information

Enterprise Key Management Infrastructure: Understanding them before auditing them. Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC

Enterprise Key Management Infrastructure: Understanding them before auditing them. Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EKMI-TC Enterprise Key Management Infrastructure: Understanding them before auditing them Arshad Noor CTO, StrongAuth, Inc. Chair, OASIS EI-TC Agenda What is an EI? Components of an EI Auditing an EI ISACA members

More information

CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC Security Policy. Version 3 June 30, 2010

CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC Security Policy. Version 3 June 30, 2010 CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC Security Policy Version 3 June 30, 2010 Dolby Laboratories Licensing Corporation Corporate Headquarters Dolby Laboratories, Inc. Dolby Laboratories Licensing

More information

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1. Dolphin Board FIPS 140-2 Level 3 Validation Security Policy Version 1.3 14a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.3 Table of Contents 1 INTRODUCTION...3 1.1 PURPOSE...3 1.2 REFERENCES...3

More information

Card Specification Amendment A March 2004

Card Specification Amendment A March 2004 Card Specification 2.1.1 March 2004 Use of this information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly prohibited. 2 GlobalPlatform Card

More information

Workshop Challenges Startup code in PyCharm Projects

Workshop Challenges Startup code in PyCharm Projects INTRODUCTION TO CRYPTOGRAPHIC ATTACKS EXERCISE LOGISTICS Workshop Challenges Startup code in PyCharm Projects BLOCK CIPHERS Fixed sized input Random looking output for each message and key Block Cipher

More information

Kerberos V5. Raj Jain. Washington University in St. Louis

Kerberos V5. Raj Jain. Washington University in St. Louis Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/ 11-1

More information

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message

More information

Activity Guide - Public Key Cryptography

Activity Guide - Public Key Cryptography Unit 2 Lesson 19 Name(s) Period Date Activity Guide - Public Key Cryptography Introduction This activity is similar to the cups and beans encryption we did in a previous lesson. However, instead of using

More information

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore PKI Standards Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore Under the Aegis of Controller of Certifying Authorities (CCA) Government of India 1 PKCS Why PKCS? Even

More information

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC Dolphin DCI 1.2 FIPS 140-2 Level 3 Validation Non-Proprietary Security Policy Version 1.0 DOL.TD.000921.DRM Page 1 Version 1.0 Table of Contents 1 Introduction... 3 1.1 PURPOSE... 3 1.2 REFERENCES... 3

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.

More information

With the edition of this document, all previous editions become void. Indications made in this document may be changed without previous notice.

With the edition of this document, all previous editions become void. Indications made in this document may be changed without previous notice. SECURITY POLICY Contactless Payment and Ticketing Module Copyright 2015 2016 by ELECTRONIC GmbH Lange Strasse 4 D-35781 Weilburg-Waldhausen Tel.: +49 6471 3109-0 http://www.feig.de With the edition of

More information

PKCS #15: Conformance Profile Specification

PKCS #15: Conformance Profile Specification Table of Contents PKCS #15: Conformance Profile Specification RSA Laboratories August 1, 2000 1 INTRODUCTION... 2 1 REFERENCES AND RELATED DOCUMENTS... 2 2 DEFINITIONS... 2 3 SYMBOLS AND ABBREVIATIONS...

More information

Cracking bank PINs by playing Mastermind

Cracking bank PINs by playing Mastermind Cracking bank PINs by playing Mastermind Riccardo Focardi and Flaminia L. Luccio Università Ca Foscari Venezia, {focardi,luccio}@dsi.unive.it Abstract. The bank director was pretty upset noticing Joe,

More information

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney. Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw

More information

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2. Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.0 May 2012 Document Changes Date Version Author Description April 2009

More information

Modelling Downgrading in Information Flow Security. A. Bossi, C. Piazza, and S. Rossi. Dipartimento di Informatica Università Ca Foscari di Venezia

Modelling Downgrading in Information Flow Security. A. Bossi, C. Piazza, and S. Rossi. Dipartimento di Informatica Università Ca Foscari di Venezia Modelling Downgrading in Information Flow Security A. Bossi, C. Piazza, and S. Rossi Dipartimento di Informatica Università Ca Foscari di Venezia bossi, piazza, srossi @dsi.unive.it Joint Meeting MYTHS/MIKADO/DART,

More information

Authenticated encryption

Authenticated encryption Authenticated encryption Mac forgery game M {} k R 0,1 s m t M M {m } t mac k (m ) Repeat as many times as the adversary wants (m, t) Wins if m M verify m, t = 1 Mac forgery game Allow the adversary to

More information

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University. Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol John Jersin Jonathan Wheeler CS259 Stanford University March 20, 2008 Version 1 Security Analysis of Bluetooth v2.1 + EDR Pairing

More information

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of

More information

Category: Informational June 2018 ISSN: The PKCS #8 EncryptedPrivateKeyInfo Media Type

Category: Informational June 2018 ISSN: The PKCS #8 EncryptedPrivateKeyInfo Media Type Independent Submission S. Leonard Request for Comments: 8351 Penango, Inc. Category: Informational June 2018 ISSN: 2070-1721 Abstract The PKCS #8 EncryptedPrivateKeyInfo Media Type This document registers

More information

FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E

FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E Amandeep Singh, Manu Bansal Abstract - Data Security is an important parameter for the industries. It can be achieved by Encryption

More information

Contents. Configuring SSH 1

Contents. Configuring SSH 1 Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list

More information

WatchKey ProX USB Token Cryptographic Module Hardware Version: K023314A Firmware Version:

WatchKey ProX USB Token Cryptographic Module Hardware Version: K023314A Firmware Version: Watchdata Technologies Pte Ltd. 7F Qiming International Mansion, No.101, Wangjing Lize Middle Park, Chaoyang District, Beijing, P.R.China, 100102 Phone : (8610)6472 2288 (8610)8047 8166 Email : marketing@watchdata.com

More information

Authenticated Encryption in TLS

Authenticated Encryption in TLS Authenticated Encryption in TLS Same modelling & verification approach concrete security: each lossy step documented by a game and a reduction (or an assumption) on paper Standardized complications - multiple

More information

External Encodings Do not Prevent Transient Fault Analysis

External Encodings Do not Prevent Transient Fault Analysis External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20

More information

Cryptography (Overview)

Cryptography (Overview) Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography

More information

Phoenix: Rebirth of a Cryptographic Password-Hardening Service

Phoenix: Rebirth of a Cryptographic Password-Hardening Service Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University

More information

Protect Yourself Against Security Challenges with Next-Generation Encryption

Protect Yourself Against Security Challenges with Next-Generation Encryption Protect Yourself Against Security Challenges with Next-Generation Encryption agrieco@cisco.com mcgrew@cisco.com How to detect attacks? Malware Broken encryption 2 How to detect attacks? Malware Host Process

More information

Interface. Circuit. CryptoMate

Interface. Circuit. CryptoMate A C O S 5 - C T M C r y p t o M a t e U S B T o k e n Version 1.5 03-2007, Email: info@acs.com.hk Website: www.acs.com.hk CryptoMate USB Token 1.0 Introduction Frustrated by network breaches like Trojan

More information

Solutions to exam in Cryptography December 17, 2013

Solutions to exam in Cryptography December 17, 2013 CHALMERS TEKNISKA HÖGSKOLA Datavetenskap Daniel Hedin DIT250/TDA351 Solutions to exam in Cryptography December 17, 2013 Hash functions 1. A cryptographic hash function is a deterministic function that

More information

Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat

Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries

More information

StorageTek Crypto Key Management System Version 2.x

StorageTek Crypto Key Management System Version 2.x StorageTek Crypto Key Management System Version 2.x Security and Authentication White Paper Part Number: 316198602 April 2010 Revision B Crypto Key Management System, Security and Authentication White

More information

IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S)

IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) 1 Copyright IBM Corporation 1994, 2015. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY

More information

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block? Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that

More information

Encrypted Local, NAS iscsi/fcoe Storage with ZFS

Encrypted Local, NAS iscsi/fcoe Storage with ZFS Encrypted Local, NAS iscsi/fcoe Storage with ZFS OpenSolaris ZFS Crypto Project Darren Moffat James Hughes Anthony Scarpino Sun Microsystems Inc. ZFS Elevator Pitch To create a reliable storage system

More information

The inverse of a matrix

The inverse of a matrix The inverse of a matrix A matrix that has an inverse is called invertible. A matrix that does not have an inverse is called singular. Most matrices don't have an inverse. The only kind of matrix that has

More information

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon

More information

CS530 Authentication

CS530 Authentication CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request

More information

Version 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005

Version 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005 Security Builder R FIPS Java Module Version 2.0 FIPS 140-2 Non-Proprietary Security Policy Certicom Corp. September 27, 2005 c Copyright 2005 Certicom Corp. This document may be freely reproduced and distributed

More information

Concrete cryptographic security in F*

Concrete cryptographic security in F* Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels

More information

Barco ICMP FIPS Non-Proprietary Security Policy

Barco ICMP FIPS Non-Proprietary Security Policy Barco FIPS 140-2 Non-Proprietary Security Policy 1 Page 1 of 26 Table of Content Table of Content... 2 1 Introduction... 3 1.1 Security Level... 3 1.2 Cryptographic Boundary... 4 1.3 FIPS 140-2 Approved

More information

Apache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke

Apache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke Apache Commons Crypto: Another wheel of Apache Commons Dapeng Sun/ Xianda Ke About us Dapeng Sun @Intel Apache Commons Committer Apache Sentry PMC Xianda Ke @Intel Apache Commons Crypto Apache Pig(Pig

More information

CS 161 Computer Security

CS 161 Computer Security Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values

More information

PADDING ORACLE FOR THE MASSES

PADDING ORACLE FOR THE MASSES PADDING ORACLE FOR THE MASSES 1 What is this presentation about? This presentation is a scrap book from our experience developing a reliable exploit against ASP.Net It tooks 2 people working full time

More information

Anonymous Instant Messaging via P2P Onion Routing. Kyle Thompson

Anonymous Instant Messaging via P2P Onion Routing. Kyle Thompson Anonymous Instant Messaging via P2P Onion Routing Kyle Thompson April 21, 2017 1 Kyle Thompson Honours Project - Page 2 Contents 1 Introduction 3 1.1 Context.................................... 3 1.2 Problem

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback